2 * PowerPC MMU, TLB, SLB and BAT emulation helpers for QEMU.
4 * Copyright (c) 2003-2007 Jocelyn Mayer
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
19 #include "qemu/osdep.h"
20 #include "qapi/error.h"
22 #include "exec/helper-proto.h"
23 #include "sysemu/kvm.h"
25 #include "mmu-hash64.h"
26 #include "mmu-hash32.h"
27 #include "exec/cpu_ldst.h"
32 //#define DEBUG_SOFTWARE_TLB
33 //#define DUMP_PAGE_TABLES
34 //#define FLUSH_ALL_TLBS
37 # define LOG_MMU_STATE(cpu) log_cpu_state_mask(CPU_LOG_MMU, (cpu), 0)
39 # define LOG_MMU_STATE(cpu) do { } while (0)
42 #ifdef DEBUG_SOFTWARE_TLB
43 # define LOG_SWTLB(...) qemu_log_mask(CPU_LOG_MMU, __VA_ARGS__)
45 # define LOG_SWTLB(...) do { } while (0)
49 # define LOG_BATS(...) qemu_log_mask(CPU_LOG_MMU, __VA_ARGS__)
51 # define LOG_BATS(...) do { } while (0)
54 /*****************************************************************************/
55 /* PowerPC MMU emulation */
57 /* Context used internally during MMU translations */
58 typedef struct mmu_ctx_t mmu_ctx_t;
60 hwaddr raddr; /* Real address */
61 hwaddr eaddr; /* Effective address */
62 int prot; /* Protection bits */
63 hwaddr hash[2]; /* Pagetable hash values */
64 target_ulong ptem; /* Virtual segment ID | API */
65 int key; /* Access key */
66 int nx; /* Non-execute area */
69 /* Common routines used by software and hardware TLBs emulation */
70 static inline int pte_is_valid(target_ulong pte0)
72 return pte0 & 0x80000000 ? 1 : 0;
75 static inline void pte_invalidate(target_ulong *pte0)
80 #define PTE_PTEM_MASK 0x7FFFFFBF
81 #define PTE_CHECK_MASK (TARGET_PAGE_MASK | 0x7B)
83 static int pp_check(int key, int pp, int nx)
87 /* Compute access rights */
110 access = PAGE_READ | PAGE_WRITE;
121 static int check_prot(int prot, int rw, int access_type)
125 if (access_type == ACCESS_CODE) {
126 if (prot & PAGE_EXEC) {
132 if (prot & PAGE_WRITE) {
138 if (prot & PAGE_READ) {
148 static inline int ppc6xx_tlb_pte_check(mmu_ctx_t *ctx, target_ulong pte0,
149 target_ulong pte1, int h, int rw, int type)
151 target_ulong ptem, mmask;
152 int access, ret, pteh, ptev, pp;
155 /* Check validity and table match */
156 ptev = pte_is_valid(pte0);
157 pteh = (pte0 >> 6) & 1;
158 if (ptev && h == pteh) {
159 /* Check vsid & api */
160 ptem = pte0 & PTE_PTEM_MASK;
161 mmask = PTE_CHECK_MASK;
162 pp = pte1 & 0x00000003;
163 if (ptem == ctx->ptem) {
164 if (ctx->raddr != (hwaddr)-1ULL) {
165 /* all matches should have equal RPN, WIMG & PP */
166 if ((ctx->raddr & mmask) != (pte1 & mmask)) {
167 qemu_log_mask(CPU_LOG_MMU, "Bad RPN/WIMG/PP\n");
171 /* Compute access rights */
172 access = pp_check(ctx->key, pp, ctx->nx);
173 /* Keep the matching PTE informations */
176 ret = check_prot(ctx->prot, rw, type);
179 qemu_log_mask(CPU_LOG_MMU, "PTE access granted !\n");
181 /* Access right violation */
182 qemu_log_mask(CPU_LOG_MMU, "PTE access rejected\n");
190 static int pte_update_flags(mmu_ctx_t *ctx, target_ulong *pte1p,
195 /* Update page flags */
196 if (!(*pte1p & 0x00000100)) {
197 /* Update accessed flag */
198 *pte1p |= 0x00000100;
201 if (!(*pte1p & 0x00000080)) {
202 if (rw == 1 && ret == 0) {
203 /* Update changed flag */
204 *pte1p |= 0x00000080;
207 /* Force page fault for first write access */
208 ctx->prot &= ~PAGE_WRITE;
215 /* Software driven TLB helpers */
216 static inline int ppc6xx_tlb_getnum(CPUPPCState *env, target_ulong eaddr,
217 int way, int is_code)
221 /* Select TLB num in a way from address */
222 nr = (eaddr >> TARGET_PAGE_BITS) & (env->tlb_per_way - 1);
224 nr += env->tlb_per_way * way;
225 /* 6xx have separate TLBs for instructions and data */
226 if (is_code && env->id_tlbs == 1) {
233 static inline void ppc6xx_tlb_invalidate_all(CPUPPCState *env)
235 PowerPCCPU *cpu = ppc_env_get_cpu(env);
239 /* LOG_SWTLB("Invalidate all TLBs\n"); */
240 /* Invalidate all defined software TLB */
242 if (env->id_tlbs == 1) {
245 for (nr = 0; nr < max; nr++) {
246 tlb = &env->tlb.tlb6[nr];
247 pte_invalidate(&tlb->pte0);
249 tlb_flush(CPU(cpu), 1);
252 static inline void ppc6xx_tlb_invalidate_virt2(CPUPPCState *env,
254 int is_code, int match_epn)
256 #if !defined(FLUSH_ALL_TLBS)
257 CPUState *cs = CPU(ppc_env_get_cpu(env));
261 /* Invalidate ITLB + DTLB, all ways */
262 for (way = 0; way < env->nb_ways; way++) {
263 nr = ppc6xx_tlb_getnum(env, eaddr, way, is_code);
264 tlb = &env->tlb.tlb6[nr];
265 if (pte_is_valid(tlb->pte0) && (match_epn == 0 || eaddr == tlb->EPN)) {
266 LOG_SWTLB("TLB invalidate %d/%d " TARGET_FMT_lx "\n", nr,
268 pte_invalidate(&tlb->pte0);
269 tlb_flush_page(cs, tlb->EPN);
273 /* XXX: PowerPC specification say this is valid as well */
274 ppc6xx_tlb_invalidate_all(env);
278 static inline void ppc6xx_tlb_invalidate_virt(CPUPPCState *env,
279 target_ulong eaddr, int is_code)
281 ppc6xx_tlb_invalidate_virt2(env, eaddr, is_code, 0);
284 static void ppc6xx_tlb_store(CPUPPCState *env, target_ulong EPN, int way,
285 int is_code, target_ulong pte0, target_ulong pte1)
290 nr = ppc6xx_tlb_getnum(env, EPN, way, is_code);
291 tlb = &env->tlb.tlb6[nr];
292 LOG_SWTLB("Set TLB %d/%d EPN " TARGET_FMT_lx " PTE0 " TARGET_FMT_lx
293 " PTE1 " TARGET_FMT_lx "\n", nr, env->nb_tlb, EPN, pte0, pte1);
294 /* Invalidate any pending reference in QEMU for this virtual address */
295 ppc6xx_tlb_invalidate_virt2(env, EPN, is_code, 1);
299 /* Store last way for LRU mechanism */
303 static inline int ppc6xx_tlb_check(CPUPPCState *env, mmu_ctx_t *ctx,
304 target_ulong eaddr, int rw, int access_type)
311 ret = -1; /* No TLB found */
312 for (way = 0; way < env->nb_ways; way++) {
313 nr = ppc6xx_tlb_getnum(env, eaddr, way,
314 access_type == ACCESS_CODE ? 1 : 0);
315 tlb = &env->tlb.tlb6[nr];
316 /* This test "emulates" the PTE index match for hardware TLBs */
317 if ((eaddr & TARGET_PAGE_MASK) != tlb->EPN) {
318 LOG_SWTLB("TLB %d/%d %s [" TARGET_FMT_lx " " TARGET_FMT_lx
319 "] <> " TARGET_FMT_lx "\n", nr, env->nb_tlb,
320 pte_is_valid(tlb->pte0) ? "valid" : "inval",
321 tlb->EPN, tlb->EPN + TARGET_PAGE_SIZE, eaddr);
324 LOG_SWTLB("TLB %d/%d %s " TARGET_FMT_lx " <> " TARGET_FMT_lx " "
325 TARGET_FMT_lx " %c %c\n", nr, env->nb_tlb,
326 pte_is_valid(tlb->pte0) ? "valid" : "inval",
327 tlb->EPN, eaddr, tlb->pte1,
328 rw ? 'S' : 'L', access_type == ACCESS_CODE ? 'I' : 'D');
329 switch (ppc6xx_tlb_pte_check(ctx, tlb->pte0, tlb->pte1, 0, rw, access_type)) {
331 /* TLB inconsistency */
334 /* Access violation */
344 /* XXX: we should go on looping to check all TLBs consistency
345 * but we can speed-up the whole thing as the
346 * result would be undefined if TLBs are not consistent.
355 LOG_SWTLB("found TLB at addr " TARGET_FMT_plx " prot=%01x ret=%d\n",
356 ctx->raddr & TARGET_PAGE_MASK, ctx->prot, ret);
357 /* Update page flags */
358 pte_update_flags(ctx, &env->tlb.tlb6[best].pte1, ret, rw);
364 /* Perform BAT hit & translation */
365 static inline void bat_size_prot(CPUPPCState *env, target_ulong *blp,
366 int *validp, int *protp, target_ulong *BATu,
372 bl = (*BATu & 0x00001FFC) << 15;
375 if (((msr_pr == 0) && (*BATu & 0x00000002)) ||
376 ((msr_pr != 0) && (*BATu & 0x00000001))) {
378 pp = *BATl & 0x00000003;
380 prot = PAGE_READ | PAGE_EXEC;
391 static int get_bat_6xx_tlb(CPUPPCState *env, mmu_ctx_t *ctx,
392 target_ulong virtual, int rw, int type)
394 target_ulong *BATlt, *BATut, *BATu, *BATl;
395 target_ulong BEPIl, BEPIu, bl;
399 LOG_BATS("%s: %cBAT v " TARGET_FMT_lx "\n", __func__,
400 type == ACCESS_CODE ? 'I' : 'D', virtual);
403 BATlt = env->IBAT[1];
404 BATut = env->IBAT[0];
407 BATlt = env->DBAT[1];
408 BATut = env->DBAT[0];
411 for (i = 0; i < env->nb_BATs; i++) {
414 BEPIu = *BATu & 0xF0000000;
415 BEPIl = *BATu & 0x0FFE0000;
416 bat_size_prot(env, &bl, &valid, &prot, BATu, BATl);
417 LOG_BATS("%s: %cBAT%d v " TARGET_FMT_lx " BATu " TARGET_FMT_lx
418 " BATl " TARGET_FMT_lx "\n", __func__,
419 type == ACCESS_CODE ? 'I' : 'D', i, virtual, *BATu, *BATl);
420 if ((virtual & 0xF0000000) == BEPIu &&
421 ((virtual & 0x0FFE0000) & ~bl) == BEPIl) {
424 /* Get physical address */
425 ctx->raddr = (*BATl & 0xF0000000) |
426 ((virtual & 0x0FFE0000 & bl) | (*BATl & 0x0FFE0000)) |
427 (virtual & 0x0001F000);
428 /* Compute access rights */
430 ret = check_prot(ctx->prot, rw, type);
432 LOG_BATS("BAT %d match: r " TARGET_FMT_plx " prot=%c%c\n",
433 i, ctx->raddr, ctx->prot & PAGE_READ ? 'R' : '-',
434 ctx->prot & PAGE_WRITE ? 'W' : '-');
441 #if defined(DEBUG_BATS)
442 if (qemu_log_enabled()) {
443 LOG_BATS("no BAT match for " TARGET_FMT_lx ":\n", virtual);
444 for (i = 0; i < 4; i++) {
447 BEPIu = *BATu & 0xF0000000;
448 BEPIl = *BATu & 0x0FFE0000;
449 bl = (*BATu & 0x00001FFC) << 15;
450 LOG_BATS("%s: %cBAT%d v " TARGET_FMT_lx " BATu " TARGET_FMT_lx
451 " BATl " TARGET_FMT_lx "\n\t" TARGET_FMT_lx " "
452 TARGET_FMT_lx " " TARGET_FMT_lx "\n",
453 __func__, type == ACCESS_CODE ? 'I' : 'D', i, virtual,
454 *BATu, *BATl, BEPIu, BEPIl, bl);
463 /* Perform segment based translation */
464 static inline int get_segment_6xx_tlb(CPUPPCState *env, mmu_ctx_t *ctx,
465 target_ulong eaddr, int rw, int type)
469 int ds, pr, target_page_bits;
471 target_ulong sr, pgidx;
476 sr = env->sr[eaddr >> 28];
477 ctx->key = (((sr & 0x20000000) && (pr != 0)) ||
478 ((sr & 0x40000000) && (pr == 0))) ? 1 : 0;
479 ds = sr & 0x80000000 ? 1 : 0;
480 ctx->nx = sr & 0x10000000 ? 1 : 0;
481 vsid = sr & 0x00FFFFFF;
482 target_page_bits = TARGET_PAGE_BITS;
483 qemu_log_mask(CPU_LOG_MMU,
484 "Check segment v=" TARGET_FMT_lx " %d " TARGET_FMT_lx
485 " nip=" TARGET_FMT_lx " lr=" TARGET_FMT_lx
486 " ir=%d dr=%d pr=%d %d t=%d\n",
487 eaddr, (int)(eaddr >> 28), sr, env->nip, env->lr, (int)msr_ir,
488 (int)msr_dr, pr != 0 ? 1 : 0, rw, type);
489 pgidx = (eaddr & ~SEGMENT_MASK_256M) >> target_page_bits;
491 ctx->ptem = (vsid << 7) | (pgidx >> 10);
493 qemu_log_mask(CPU_LOG_MMU,
494 "pte segment: key=%d ds %d nx %d vsid " TARGET_FMT_lx "\n",
495 ctx->key, ds, ctx->nx, vsid);
498 /* Check if instruction fetch is allowed, if needed */
499 if (type != ACCESS_CODE || ctx->nx == 0) {
500 /* Page address translation */
501 qemu_log_mask(CPU_LOG_MMU, "htab_base " TARGET_FMT_plx
502 " htab_mask " TARGET_FMT_plx
503 " hash " TARGET_FMT_plx "\n",
504 env->htab_base, env->htab_mask, hash);
506 ctx->hash[1] = ~hash;
508 /* Initialize real address with an invalid value */
509 ctx->raddr = (hwaddr)-1ULL;
510 /* Software TLB search */
511 ret = ppc6xx_tlb_check(env, ctx, eaddr, rw, type);
512 #if defined(DUMP_PAGE_TABLES)
513 if (qemu_log_mask(CPU_LOG_MMU)) {
515 uint32_t a0, a1, a2, a3;
517 qemu_log("Page table: " TARGET_FMT_plx " len " TARGET_FMT_plx
518 "\n", sdr, mask + 0x80);
519 for (curaddr = sdr; curaddr < (sdr + mask + 0x80);
521 a0 = ldl_phys(curaddr);
522 a1 = ldl_phys(curaddr + 4);
523 a2 = ldl_phys(curaddr + 8);
524 a3 = ldl_phys(curaddr + 12);
525 if (a0 != 0 || a1 != 0 || a2 != 0 || a3 != 0) {
526 qemu_log(TARGET_FMT_plx ": %08x %08x %08x %08x\n",
527 curaddr, a0, a1, a2, a3);
533 qemu_log_mask(CPU_LOG_MMU, "No access allowed\n");
539 qemu_log_mask(CPU_LOG_MMU, "direct store...\n");
540 /* Direct-store segment : absolutely *BUGGY* for now */
542 /* Direct-store implies a 32-bit MMU.
543 * Check the Segment Register's bus unit ID (BUID).
545 sr = env->sr[eaddr >> 28];
546 if ((sr & 0x1FF00000) >> 20 == 0x07f) {
547 /* Memory-forced I/O controller interface access */
548 /* If T=1 and BUID=x'07F', the 601 performs a memory access
549 * to SR[28-31] LA[4-31], bypassing all protection mechanisms.
551 ctx->raddr = ((sr & 0xF) << 28) | (eaddr & 0x0FFFFFFF);
552 ctx->prot = PAGE_READ | PAGE_WRITE | PAGE_EXEC;
558 /* Integer load/store : only access allowed */
561 /* No code fetch is allowed in direct-store areas */
564 /* Floating point load/store */
567 /* lwarx, ldarx or srwcx. */
570 /* dcba, dcbt, dcbtst, dcbf, dcbi, dcbst, dcbz, or icbi */
571 /* Should make the instruction do no-op.
572 * As it already do no-op, it's quite easy :-)
580 qemu_log_mask(CPU_LOG_MMU, "ERROR: instruction should not need "
581 "address translation\n");
584 if ((rw == 1 || ctx->key != 1) && (rw == 0 || ctx->key != 0)) {
595 /* Generic TLB check function for embedded PowerPC implementations */
596 static int ppcemb_tlb_check(CPUPPCState *env, ppcemb_tlb_t *tlb,
598 target_ulong address, uint32_t pid, int ext,
603 /* Check valid flag */
604 if (!(tlb->prot & PAGE_VALID)) {
607 mask = ~(tlb->size - 1);
608 LOG_SWTLB("%s: TLB %d address " TARGET_FMT_lx " PID %u <=> " TARGET_FMT_lx
609 " " TARGET_FMT_lx " %u %x\n", __func__, i, address, pid, tlb->EPN,
610 mask, (uint32_t)tlb->PID, tlb->prot);
612 if (tlb->PID != 0 && tlb->PID != pid) {
615 /* Check effective address */
616 if ((address & mask) != tlb->EPN) {
619 *raddrp = (tlb->RPN & mask) | (address & ~mask);
621 /* Extend the physical address to 36 bits */
622 *raddrp |= (uint64_t)(tlb->RPN & 0xF) << 32;
628 /* Generic TLB search function for PowerPC embedded implementations */
629 static int ppcemb_tlb_search(CPUPPCState *env, target_ulong address,
636 /* Default return value is no match */
638 for (i = 0; i < env->nb_tlb; i++) {
639 tlb = &env->tlb.tlbe[i];
640 if (ppcemb_tlb_check(env, tlb, &raddr, address, pid, 0, i) == 0) {
649 /* Helpers specific to PowerPC 40x implementations */
650 static inline void ppc4xx_tlb_invalidate_all(CPUPPCState *env)
652 PowerPCCPU *cpu = ppc_env_get_cpu(env);
656 for (i = 0; i < env->nb_tlb; i++) {
657 tlb = &env->tlb.tlbe[i];
658 tlb->prot &= ~PAGE_VALID;
660 tlb_flush(CPU(cpu), 1);
663 static int mmu40x_get_physical_address(CPUPPCState *env, mmu_ctx_t *ctx,
664 target_ulong address, int rw,
669 int i, ret, zsel, zpr, pr;
672 raddr = (hwaddr)-1ULL;
674 for (i = 0; i < env->nb_tlb; i++) {
675 tlb = &env->tlb.tlbe[i];
676 if (ppcemb_tlb_check(env, tlb, &raddr, address,
677 env->spr[SPR_40x_PID], 0, i) < 0) {
680 zsel = (tlb->attr >> 4) & 0xF;
681 zpr = (env->spr[SPR_40x_ZPR] >> (30 - (2 * zsel))) & 0x3;
682 LOG_SWTLB("%s: TLB %d zsel %d zpr %d rw %d attr %08x\n",
683 __func__, i, zsel, zpr, rw, tlb->attr);
684 /* Check execute enable bit */
692 /* All accesses granted */
693 ctx->prot = PAGE_READ | PAGE_WRITE | PAGE_EXEC;
698 /* Raise Zone protection fault. */
699 env->spr[SPR_40x_ESR] = 1 << 22;
707 /* Check from TLB entry */
708 ctx->prot = tlb->prot;
709 ret = check_prot(ctx->prot, rw, access_type);
711 env->spr[SPR_40x_ESR] = 0;
717 LOG_SWTLB("%s: access granted " TARGET_FMT_lx " => " TARGET_FMT_plx
718 " %d %d\n", __func__, address, ctx->raddr, ctx->prot,
723 LOG_SWTLB("%s: access refused " TARGET_FMT_lx " => " TARGET_FMT_plx
724 " %d %d\n", __func__, address, raddr, ctx->prot, ret);
729 void store_40x_sler(CPUPPCState *env, uint32_t val)
731 PowerPCCPU *cpu = ppc_env_get_cpu(env);
733 /* XXX: TO BE FIXED */
734 if (val != 0x00000000) {
735 cpu_abort(CPU(cpu), "Little-endian regions are not supported by now\n");
737 env->spr[SPR_405_SLER] = val;
740 static inline int mmubooke_check_tlb(CPUPPCState *env, ppcemb_tlb_t *tlb,
741 hwaddr *raddr, int *prot,
742 target_ulong address, int rw,
743 int access_type, int i)
747 if (ppcemb_tlb_check(env, tlb, raddr, address,
748 env->spr[SPR_BOOKE_PID],
749 !env->nb_pids, i) >= 0) {
753 if (env->spr[SPR_BOOKE_PID1] &&
754 ppcemb_tlb_check(env, tlb, raddr, address,
755 env->spr[SPR_BOOKE_PID1], 0, i) >= 0) {
759 if (env->spr[SPR_BOOKE_PID2] &&
760 ppcemb_tlb_check(env, tlb, raddr, address,
761 env->spr[SPR_BOOKE_PID2], 0, i) >= 0) {
765 LOG_SWTLB("%s: TLB entry not found\n", __func__);
771 prot2 = tlb->prot & 0xF;
773 prot2 = (tlb->prot >> 4) & 0xF;
776 /* Check the address space */
777 if (access_type == ACCESS_CODE) {
778 if (msr_ir != (tlb->attr & 1)) {
779 LOG_SWTLB("%s: AS doesn't match\n", __func__);
784 if (prot2 & PAGE_EXEC) {
785 LOG_SWTLB("%s: good TLB!\n", __func__);
789 LOG_SWTLB("%s: no PAGE_EXEC: %x\n", __func__, prot2);
792 if (msr_dr != (tlb->attr & 1)) {
793 LOG_SWTLB("%s: AS doesn't match\n", __func__);
798 if ((!rw && prot2 & PAGE_READ) || (rw && (prot2 & PAGE_WRITE))) {
799 LOG_SWTLB("%s: found TLB!\n", __func__);
803 LOG_SWTLB("%s: PAGE_READ/WRITE doesn't match: %x\n", __func__, prot2);
810 static int mmubooke_get_physical_address(CPUPPCState *env, mmu_ctx_t *ctx,
811 target_ulong address, int rw,
819 raddr = (hwaddr)-1ULL;
820 for (i = 0; i < env->nb_tlb; i++) {
821 tlb = &env->tlb.tlbe[i];
822 ret = mmubooke_check_tlb(env, tlb, &raddr, &ctx->prot, address, rw,
831 LOG_SWTLB("%s: access granted " TARGET_FMT_lx " => " TARGET_FMT_plx
832 " %d %d\n", __func__, address, ctx->raddr, ctx->prot,
835 LOG_SWTLB("%s: access refused " TARGET_FMT_lx " => " TARGET_FMT_plx
836 " %d %d\n", __func__, address, raddr, ctx->prot, ret);
842 static void booke206_flush_tlb(CPUPPCState *env, int flags,
843 const int check_iprot)
845 PowerPCCPU *cpu = ppc_env_get_cpu(env);
848 ppcmas_tlb_t *tlb = env->tlb.tlbm;
850 for (i = 0; i < BOOKE206_MAX_TLBN; i++) {
851 if (flags & (1 << i)) {
852 tlb_size = booke206_tlb_size(env, i);
853 for (j = 0; j < tlb_size; j++) {
854 if (!check_iprot || !(tlb[j].mas1 & MAS1_IPROT)) {
855 tlb[j].mas1 &= ~MAS1_VALID;
859 tlb += booke206_tlb_size(env, i);
862 tlb_flush(CPU(cpu), 1);
865 static hwaddr booke206_tlb_to_page_size(CPUPPCState *env,
870 tlbm_size = (tlb->mas1 & MAS1_TSIZE_MASK) >> MAS1_TSIZE_SHIFT;
872 return 1024ULL << tlbm_size;
875 /* TLB check function for MAS based SoftTLBs */
876 static int ppcmas_tlb_check(CPUPPCState *env, ppcmas_tlb_t *tlb,
877 hwaddr *raddrp, target_ulong address,
884 /* In 32bit mode we can only address 32bit EAs */
885 address = (uint32_t)address;
888 /* Check valid flag */
889 if (!(tlb->mas1 & MAS1_VALID)) {
893 mask = ~(booke206_tlb_to_page_size(env, tlb) - 1);
894 LOG_SWTLB("%s: TLB ADDR=0x" TARGET_FMT_lx " PID=0x%x MAS1=0x%x MAS2=0x%"
895 PRIx64 " mask=0x" TARGET_FMT_lx " MAS7_3=0x%" PRIx64 " MAS8=%x\n",
896 __func__, address, pid, tlb->mas1, tlb->mas2, mask, tlb->mas7_3,
900 tlb_pid = (tlb->mas1 & MAS1_TID_MASK) >> MAS1_TID_SHIFT;
901 if (tlb_pid != 0 && tlb_pid != pid) {
905 /* Check effective address */
906 if ((address & mask) != (tlb->mas2 & MAS2_EPN_MASK)) {
911 *raddrp = (tlb->mas7_3 & mask) | (address & ~mask);
917 static int mmubooke206_check_tlb(CPUPPCState *env, ppcmas_tlb_t *tlb,
918 hwaddr *raddr, int *prot,
919 target_ulong address, int rw,
925 if (ppcmas_tlb_check(env, tlb, raddr, address,
926 env->spr[SPR_BOOKE_PID]) >= 0) {
930 if (env->spr[SPR_BOOKE_PID1] &&
931 ppcmas_tlb_check(env, tlb, raddr, address,
932 env->spr[SPR_BOOKE_PID1]) >= 0) {
936 if (env->spr[SPR_BOOKE_PID2] &&
937 ppcmas_tlb_check(env, tlb, raddr, address,
938 env->spr[SPR_BOOKE_PID2]) >= 0) {
942 LOG_SWTLB("%s: TLB entry not found\n", __func__);
948 if (tlb->mas7_3 & MAS3_UR) {
951 if (tlb->mas7_3 & MAS3_UW) {
954 if (tlb->mas7_3 & MAS3_UX) {
958 if (tlb->mas7_3 & MAS3_SR) {
961 if (tlb->mas7_3 & MAS3_SW) {
964 if (tlb->mas7_3 & MAS3_SX) {
969 /* Check the address space and permissions */
970 if (access_type == ACCESS_CODE) {
971 if (msr_ir != ((tlb->mas1 & MAS1_TS) >> MAS1_TS_SHIFT)) {
972 LOG_SWTLB("%s: AS doesn't match\n", __func__);
977 if (prot2 & PAGE_EXEC) {
978 LOG_SWTLB("%s: good TLB!\n", __func__);
982 LOG_SWTLB("%s: no PAGE_EXEC: %x\n", __func__, prot2);
985 if (msr_dr != ((tlb->mas1 & MAS1_TS) >> MAS1_TS_SHIFT)) {
986 LOG_SWTLB("%s: AS doesn't match\n", __func__);
991 if ((!rw && prot2 & PAGE_READ) || (rw && (prot2 & PAGE_WRITE))) {
992 LOG_SWTLB("%s: found TLB!\n", __func__);
996 LOG_SWTLB("%s: PAGE_READ/WRITE doesn't match: %x\n", __func__, prot2);
1003 static int mmubooke206_get_physical_address(CPUPPCState *env, mmu_ctx_t *ctx,
1004 target_ulong address, int rw,
1012 raddr = (hwaddr)-1ULL;
1014 for (i = 0; i < BOOKE206_MAX_TLBN; i++) {
1015 int ways = booke206_tlb_ways(env, i);
1017 for (j = 0; j < ways; j++) {
1018 tlb = booke206_get_tlbm(env, i, address, j);
1022 ret = mmubooke206_check_tlb(env, tlb, &raddr, &ctx->prot, address,
1034 LOG_SWTLB("%s: access granted " TARGET_FMT_lx " => " TARGET_FMT_plx
1035 " %d %d\n", __func__, address, ctx->raddr, ctx->prot,
1038 LOG_SWTLB("%s: access refused " TARGET_FMT_lx " => " TARGET_FMT_plx
1039 " %d %d\n", __func__, address, raddr, ctx->prot, ret);
1045 static const char *book3e_tsize_to_str[32] = {
1046 "1K", "2K", "4K", "8K", "16K", "32K", "64K", "128K", "256K", "512K",
1047 "1M", "2M", "4M", "8M", "16M", "32M", "64M", "128M", "256M", "512M",
1048 "1G", "2G", "4G", "8G", "16G", "32G", "64G", "128G", "256G", "512G",
1052 static void mmubooke_dump_mmu(FILE *f, fprintf_function cpu_fprintf,
1055 ppcemb_tlb_t *entry;
1058 if (kvm_enabled() && !env->kvm_sw_tlb) {
1059 cpu_fprintf(f, "Cannot access KVM TLB\n");
1063 cpu_fprintf(f, "\nTLB:\n");
1064 cpu_fprintf(f, "Effective Physical Size PID Prot "
1067 entry = &env->tlb.tlbe[0];
1068 for (i = 0; i < env->nb_tlb; i++, entry++) {
1071 uint64_t size = (uint64_t)entry->size;
1074 /* Check valid flag */
1075 if (!(entry->prot & PAGE_VALID)) {
1079 mask = ~(entry->size - 1);
1080 ea = entry->EPN & mask;
1081 pa = entry->RPN & mask;
1082 /* Extend the physical address to 36 bits */
1083 pa |= (hwaddr)(entry->RPN & 0xF) << 32;
1086 snprintf(size_buf, sizeof(size_buf), "%3" PRId64 "M", size / 1024);
1088 snprintf(size_buf, sizeof(size_buf), "%3" PRId64 "k", size);
1090 cpu_fprintf(f, "0x%016" PRIx64 " 0x%016" PRIx64 " %s %-5u %08x %08x\n",
1091 (uint64_t)ea, (uint64_t)pa, size_buf, (uint32_t)entry->PID,
1092 entry->prot, entry->attr);
1097 static void mmubooke206_dump_one_tlb(FILE *f, fprintf_function cpu_fprintf,
1098 CPUPPCState *env, int tlbn, int offset,
1101 ppcmas_tlb_t *entry;
1104 cpu_fprintf(f, "\nTLB%d:\n", tlbn);
1105 cpu_fprintf(f, "Effective Physical Size TID TS SRWX"
1106 " URWX WIMGE U0123\n");
1108 entry = &env->tlb.tlbm[offset];
1109 for (i = 0; i < tlbsize; i++, entry++) {
1110 hwaddr ea, pa, size;
1113 if (!(entry->mas1 & MAS1_VALID)) {
1117 tsize = (entry->mas1 & MAS1_TSIZE_MASK) >> MAS1_TSIZE_SHIFT;
1118 size = 1024ULL << tsize;
1119 ea = entry->mas2 & ~(size - 1);
1120 pa = entry->mas7_3 & ~(size - 1);
1122 cpu_fprintf(f, "0x%016" PRIx64 " 0x%016" PRIx64 " %4s %-5u %1u S%c%c%c"
1123 "U%c%c%c %c%c%c%c%c U%c%c%c%c\n",
1124 (uint64_t)ea, (uint64_t)pa,
1125 book3e_tsize_to_str[tsize],
1126 (entry->mas1 & MAS1_TID_MASK) >> MAS1_TID_SHIFT,
1127 (entry->mas1 & MAS1_TS) >> MAS1_TS_SHIFT,
1128 entry->mas7_3 & MAS3_SR ? 'R' : '-',
1129 entry->mas7_3 & MAS3_SW ? 'W' : '-',
1130 entry->mas7_3 & MAS3_SX ? 'X' : '-',
1131 entry->mas7_3 & MAS3_UR ? 'R' : '-',
1132 entry->mas7_3 & MAS3_UW ? 'W' : '-',
1133 entry->mas7_3 & MAS3_UX ? 'X' : '-',
1134 entry->mas2 & MAS2_W ? 'W' : '-',
1135 entry->mas2 & MAS2_I ? 'I' : '-',
1136 entry->mas2 & MAS2_M ? 'M' : '-',
1137 entry->mas2 & MAS2_G ? 'G' : '-',
1138 entry->mas2 & MAS2_E ? 'E' : '-',
1139 entry->mas7_3 & MAS3_U0 ? '0' : '-',
1140 entry->mas7_3 & MAS3_U1 ? '1' : '-',
1141 entry->mas7_3 & MAS3_U2 ? '2' : '-',
1142 entry->mas7_3 & MAS3_U3 ? '3' : '-');
1146 static void mmubooke206_dump_mmu(FILE *f, fprintf_function cpu_fprintf,
1152 if (kvm_enabled() && !env->kvm_sw_tlb) {
1153 cpu_fprintf(f, "Cannot access KVM TLB\n");
1157 for (i = 0; i < BOOKE206_MAX_TLBN; i++) {
1158 int size = booke206_tlb_size(env, i);
1164 mmubooke206_dump_one_tlb(f, cpu_fprintf, env, i, offset, size);
1169 static void mmu6xx_dump_BATs(FILE *f, fprintf_function cpu_fprintf,
1170 CPUPPCState *env, int type)
1172 target_ulong *BATlt, *BATut, *BATu, *BATl;
1173 target_ulong BEPIl, BEPIu, bl;
1178 BATlt = env->IBAT[1];
1179 BATut = env->IBAT[0];
1182 BATlt = env->DBAT[1];
1183 BATut = env->DBAT[0];
1187 for (i = 0; i < env->nb_BATs; i++) {
1190 BEPIu = *BATu & 0xF0000000;
1191 BEPIl = *BATu & 0x0FFE0000;
1192 bl = (*BATu & 0x00001FFC) << 15;
1193 cpu_fprintf(f, "%s BAT%d BATu " TARGET_FMT_lx
1194 " BATl " TARGET_FMT_lx "\n\t" TARGET_FMT_lx " "
1195 TARGET_FMT_lx " " TARGET_FMT_lx "\n",
1196 type == ACCESS_CODE ? "code" : "data", i,
1197 *BATu, *BATl, BEPIu, BEPIl, bl);
1201 static void mmu6xx_dump_mmu(FILE *f, fprintf_function cpu_fprintf,
1206 int type, way, entry, i;
1208 cpu_fprintf(f, "HTAB base = 0x%"HWADDR_PRIx"\n", env->htab_base);
1209 cpu_fprintf(f, "HTAB mask = 0x%"HWADDR_PRIx"\n", env->htab_mask);
1211 cpu_fprintf(f, "\nSegment registers:\n");
1212 for (i = 0; i < 32; i++) {
1214 if (sr & 0x80000000) {
1215 cpu_fprintf(f, "%02d T=%d Ks=%d Kp=%d BUID=0x%03x "
1216 "CNTLR_SPEC=0x%05x\n", i,
1217 sr & 0x80000000 ? 1 : 0, sr & 0x40000000 ? 1 : 0,
1218 sr & 0x20000000 ? 1 : 0, (uint32_t)((sr >> 20) & 0x1FF),
1219 (uint32_t)(sr & 0xFFFFF));
1221 cpu_fprintf(f, "%02d T=%d Ks=%d Kp=%d N=%d VSID=0x%06x\n", i,
1222 sr & 0x80000000 ? 1 : 0, sr & 0x40000000 ? 1 : 0,
1223 sr & 0x20000000 ? 1 : 0, sr & 0x10000000 ? 1 : 0,
1224 (uint32_t)(sr & 0x00FFFFFF));
1228 cpu_fprintf(f, "\nBATs:\n");
1229 mmu6xx_dump_BATs(f, cpu_fprintf, env, ACCESS_INT);
1230 mmu6xx_dump_BATs(f, cpu_fprintf, env, ACCESS_CODE);
1232 if (env->id_tlbs != 1) {
1233 cpu_fprintf(f, "ERROR: 6xx MMU should have separated TLB"
1234 " for code and data\n");
1237 cpu_fprintf(f, "\nTLBs [EPN EPN + SIZE]\n");
1239 for (type = 0; type < 2; type++) {
1240 for (way = 0; way < env->nb_ways; way++) {
1241 for (entry = env->nb_tlb * type + env->tlb_per_way * way;
1242 entry < (env->nb_tlb * type + env->tlb_per_way * (way + 1));
1245 tlb = &env->tlb.tlb6[entry];
1246 cpu_fprintf(f, "%s TLB %02d/%02d way:%d %s ["
1247 TARGET_FMT_lx " " TARGET_FMT_lx "]\n",
1248 type ? "code" : "data", entry % env->nb_tlb,
1250 pte_is_valid(tlb->pte0) ? "valid" : "inval",
1251 tlb->EPN, tlb->EPN + TARGET_PAGE_SIZE);
1257 void dump_mmu(FILE *f, fprintf_function cpu_fprintf, CPUPPCState *env)
1259 switch (env->mmu_model) {
1260 case POWERPC_MMU_BOOKE:
1261 mmubooke_dump_mmu(f, cpu_fprintf, env);
1263 case POWERPC_MMU_BOOKE206:
1264 mmubooke206_dump_mmu(f, cpu_fprintf, env);
1266 case POWERPC_MMU_SOFT_6xx:
1267 case POWERPC_MMU_SOFT_74xx:
1268 mmu6xx_dump_mmu(f, cpu_fprintf, env);
1270 #if defined(TARGET_PPC64)
1271 case POWERPC_MMU_64B:
1272 case POWERPC_MMU_2_03:
1273 case POWERPC_MMU_2_06:
1274 case POWERPC_MMU_2_06a:
1275 case POWERPC_MMU_2_07:
1276 case POWERPC_MMU_2_07a:
1277 dump_slb(f, cpu_fprintf, ppc_env_get_cpu(env));
1281 qemu_log_mask(LOG_UNIMP, "%s: unimplemented\n", __func__);
1285 static inline int check_physical(CPUPPCState *env, mmu_ctx_t *ctx,
1286 target_ulong eaddr, int rw)
1291 ctx->prot = PAGE_READ | PAGE_EXEC;
1293 switch (env->mmu_model) {
1294 case POWERPC_MMU_SOFT_6xx:
1295 case POWERPC_MMU_SOFT_74xx:
1296 case POWERPC_MMU_SOFT_4xx:
1297 case POWERPC_MMU_REAL:
1298 case POWERPC_MMU_BOOKE:
1299 ctx->prot |= PAGE_WRITE;
1302 case POWERPC_MMU_SOFT_4xx_Z:
1303 if (unlikely(msr_pe != 0)) {
1304 /* 403 family add some particular protections,
1305 * using PBL/PBU registers for accesses with no translation.
1308 /* Check PLB validity */
1309 (env->pb[0] < env->pb[1] &&
1310 /* and address in plb area */
1311 eaddr >= env->pb[0] && eaddr < env->pb[1]) ||
1312 (env->pb[2] < env->pb[3] &&
1313 eaddr >= env->pb[2] && eaddr < env->pb[3]) ? 1 : 0;
1314 if (in_plb ^ msr_px) {
1315 /* Access in protected area */
1317 /* Access is not allowed */
1321 /* Read-write access is allowed */
1322 ctx->prot |= PAGE_WRITE;
1328 /* Caller's checks mean we should never get here for other models */
1336 static int get_physical_address(CPUPPCState *env, mmu_ctx_t *ctx,
1337 target_ulong eaddr, int rw, int access_type)
1339 PowerPCCPU *cpu = ppc_env_get_cpu(env);
1341 bool real_mode = (access_type == ACCESS_CODE && msr_ir == 0)
1342 || (access_type != ACCESS_CODE && msr_dr == 0);
1345 qemu_log("%s\n", __func__);
1348 switch (env->mmu_model) {
1349 case POWERPC_MMU_SOFT_6xx:
1350 case POWERPC_MMU_SOFT_74xx:
1352 ret = check_physical(env, ctx, eaddr, rw);
1354 /* Try to find a BAT */
1355 if (env->nb_BATs != 0) {
1356 ret = get_bat_6xx_tlb(env, ctx, eaddr, rw, access_type);
1359 /* We didn't match any BAT entry or don't have BATs */
1360 ret = get_segment_6xx_tlb(env, ctx, eaddr, rw, access_type);
1365 case POWERPC_MMU_SOFT_4xx:
1366 case POWERPC_MMU_SOFT_4xx_Z:
1368 ret = check_physical(env, ctx, eaddr, rw);
1370 ret = mmu40x_get_physical_address(env, ctx, eaddr,
1374 case POWERPC_MMU_BOOKE:
1375 ret = mmubooke_get_physical_address(env, ctx, eaddr,
1378 case POWERPC_MMU_BOOKE206:
1379 ret = mmubooke206_get_physical_address(env, ctx, eaddr, rw,
1382 case POWERPC_MMU_MPC8xx:
1384 cpu_abort(CPU(cpu), "MPC8xx MMU model is not implemented\n");
1386 case POWERPC_MMU_REAL:
1388 ret = check_physical(env, ctx, eaddr, rw);
1390 cpu_abort(CPU(cpu), "PowerPC in real mode do not do any translation\n");
1394 cpu_abort(CPU(cpu), "Unknown or invalid MMU model\n");
1398 qemu_log("%s address " TARGET_FMT_lx " => %d " TARGET_FMT_plx "\n",
1399 __func__, eaddr, ret, ctx->raddr);
1405 hwaddr ppc_cpu_get_phys_page_debug(CPUState *cs, vaddr addr)
1407 PowerPCCPU *cpu = POWERPC_CPU(cs);
1408 CPUPPCState *env = &cpu->env;
1411 switch (env->mmu_model) {
1412 #if defined(TARGET_PPC64)
1413 case POWERPC_MMU_64B:
1414 case POWERPC_MMU_2_03:
1415 case POWERPC_MMU_2_06:
1416 case POWERPC_MMU_2_06a:
1417 case POWERPC_MMU_2_07:
1418 case POWERPC_MMU_2_07a:
1419 return ppc_hash64_get_phys_page_debug(cpu, addr);
1422 case POWERPC_MMU_32B:
1423 case POWERPC_MMU_601:
1424 return ppc_hash32_get_phys_page_debug(cpu, addr);
1430 if (unlikely(get_physical_address(env, &ctx, addr, 0, ACCESS_INT) != 0)) {
1432 /* Some MMUs have separate TLBs for code and data. If we only try an
1433 * ACCESS_INT, we may not be able to read instructions mapped by code
1434 * TLBs, so we also try a ACCESS_CODE.
1436 if (unlikely(get_physical_address(env, &ctx, addr, 0,
1437 ACCESS_CODE) != 0)) {
1442 return ctx.raddr & TARGET_PAGE_MASK;
1445 static void booke206_update_mas_tlb_miss(CPUPPCState *env, target_ulong address,
1448 env->spr[SPR_BOOKE_MAS0] = env->spr[SPR_BOOKE_MAS4] & MAS4_TLBSELD_MASK;
1449 env->spr[SPR_BOOKE_MAS1] = env->spr[SPR_BOOKE_MAS4] & MAS4_TSIZED_MASK;
1450 env->spr[SPR_BOOKE_MAS2] = env->spr[SPR_BOOKE_MAS4] & MAS4_WIMGED_MASK;
1451 env->spr[SPR_BOOKE_MAS3] = 0;
1452 env->spr[SPR_BOOKE_MAS6] = 0;
1453 env->spr[SPR_BOOKE_MAS7] = 0;
1456 if (((rw == 2) && msr_ir) || ((rw != 2) && msr_dr)) {
1457 env->spr[SPR_BOOKE_MAS1] |= MAS1_TS;
1458 env->spr[SPR_BOOKE_MAS6] |= MAS6_SAS;
1461 env->spr[SPR_BOOKE_MAS1] |= MAS1_VALID;
1462 env->spr[SPR_BOOKE_MAS2] |= address & MAS2_EPN_MASK;
1464 switch (env->spr[SPR_BOOKE_MAS4] & MAS4_TIDSELD_PIDZ) {
1465 case MAS4_TIDSELD_PID0:
1466 env->spr[SPR_BOOKE_MAS1] |= env->spr[SPR_BOOKE_PID] << MAS1_TID_SHIFT;
1468 case MAS4_TIDSELD_PID1:
1469 env->spr[SPR_BOOKE_MAS1] |= env->spr[SPR_BOOKE_PID1] << MAS1_TID_SHIFT;
1471 case MAS4_TIDSELD_PID2:
1472 env->spr[SPR_BOOKE_MAS1] |= env->spr[SPR_BOOKE_PID2] << MAS1_TID_SHIFT;
1476 env->spr[SPR_BOOKE_MAS6] |= env->spr[SPR_BOOKE_PID] << 16;
1478 /* next victim logic */
1479 env->spr[SPR_BOOKE_MAS0] |= env->last_way << MAS0_ESEL_SHIFT;
1481 env->last_way &= booke206_tlb_ways(env, 0) - 1;
1482 env->spr[SPR_BOOKE_MAS0] |= env->last_way << MAS0_NV_SHIFT;
1485 /* Perform address translation */
1486 static int cpu_ppc_handle_mmu_fault(CPUPPCState *env, target_ulong address,
1487 int rw, int mmu_idx)
1489 CPUState *cs = CPU(ppc_env_get_cpu(env));
1490 PowerPCCPU *cpu = POWERPC_CPU(cs);
1498 access_type = ACCESS_CODE;
1501 access_type = env->access_type;
1503 ret = get_physical_address(env, &ctx, address, rw, access_type);
1505 tlb_set_page(cs, address & TARGET_PAGE_MASK,
1506 ctx.raddr & TARGET_PAGE_MASK, ctx.prot,
1507 mmu_idx, TARGET_PAGE_SIZE);
1509 } else if (ret < 0) {
1511 if (access_type == ACCESS_CODE) {
1514 /* No matches in page tables or TLB */
1515 switch (env->mmu_model) {
1516 case POWERPC_MMU_SOFT_6xx:
1517 cs->exception_index = POWERPC_EXCP_IFTLB;
1518 env->error_code = 1 << 18;
1519 env->spr[SPR_IMISS] = address;
1520 env->spr[SPR_ICMP] = 0x80000000 | ctx.ptem;
1522 case POWERPC_MMU_SOFT_74xx:
1523 cs->exception_index = POWERPC_EXCP_IFTLB;
1525 case POWERPC_MMU_SOFT_4xx:
1526 case POWERPC_MMU_SOFT_4xx_Z:
1527 cs->exception_index = POWERPC_EXCP_ITLB;
1528 env->error_code = 0;
1529 env->spr[SPR_40x_DEAR] = address;
1530 env->spr[SPR_40x_ESR] = 0x00000000;
1532 case POWERPC_MMU_BOOKE206:
1533 booke206_update_mas_tlb_miss(env, address, rw);
1535 case POWERPC_MMU_BOOKE:
1536 cs->exception_index = POWERPC_EXCP_ITLB;
1537 env->error_code = 0;
1538 env->spr[SPR_BOOKE_DEAR] = address;
1540 case POWERPC_MMU_MPC8xx:
1542 cpu_abort(cs, "MPC8xx MMU model is not implemented\n");
1544 case POWERPC_MMU_REAL:
1545 cpu_abort(cs, "PowerPC in real mode should never raise "
1546 "any MMU exceptions\n");
1549 cpu_abort(cs, "Unknown or invalid MMU model\n");
1554 /* Access rights violation */
1555 cs->exception_index = POWERPC_EXCP_ISI;
1556 env->error_code = 0x08000000;
1559 /* No execute protection violation */
1560 if ((env->mmu_model == POWERPC_MMU_BOOKE) ||
1561 (env->mmu_model == POWERPC_MMU_BOOKE206)) {
1562 env->spr[SPR_BOOKE_ESR] = 0x00000000;
1564 cs->exception_index = POWERPC_EXCP_ISI;
1565 env->error_code = 0x10000000;
1568 /* Direct store exception */
1569 /* No code fetch is allowed in direct-store areas */
1570 cs->exception_index = POWERPC_EXCP_ISI;
1571 env->error_code = 0x10000000;
1577 /* No matches in page tables or TLB */
1578 switch (env->mmu_model) {
1579 case POWERPC_MMU_SOFT_6xx:
1581 cs->exception_index = POWERPC_EXCP_DSTLB;
1582 env->error_code = 1 << 16;
1584 cs->exception_index = POWERPC_EXCP_DLTLB;
1585 env->error_code = 0;
1587 env->spr[SPR_DMISS] = address;
1588 env->spr[SPR_DCMP] = 0x80000000 | ctx.ptem;
1590 env->error_code |= ctx.key << 19;
1591 env->spr[SPR_HASH1] = env->htab_base +
1592 get_pteg_offset32(cpu, ctx.hash[0]);
1593 env->spr[SPR_HASH2] = env->htab_base +
1594 get_pteg_offset32(cpu, ctx.hash[1]);
1596 case POWERPC_MMU_SOFT_74xx:
1598 cs->exception_index = POWERPC_EXCP_DSTLB;
1600 cs->exception_index = POWERPC_EXCP_DLTLB;
1603 /* Implement LRU algorithm */
1604 env->error_code = ctx.key << 19;
1605 env->spr[SPR_TLBMISS] = (address & ~((target_ulong)0x3)) |
1606 ((env->last_way + 1) & (env->nb_ways - 1));
1607 env->spr[SPR_PTEHI] = 0x80000000 | ctx.ptem;
1609 case POWERPC_MMU_SOFT_4xx:
1610 case POWERPC_MMU_SOFT_4xx_Z:
1611 cs->exception_index = POWERPC_EXCP_DTLB;
1612 env->error_code = 0;
1613 env->spr[SPR_40x_DEAR] = address;
1615 env->spr[SPR_40x_ESR] = 0x00800000;
1617 env->spr[SPR_40x_ESR] = 0x00000000;
1620 case POWERPC_MMU_MPC8xx:
1622 cpu_abort(cs, "MPC8xx MMU model is not implemented\n");
1624 case POWERPC_MMU_BOOKE206:
1625 booke206_update_mas_tlb_miss(env, address, rw);
1627 case POWERPC_MMU_BOOKE:
1628 cs->exception_index = POWERPC_EXCP_DTLB;
1629 env->error_code = 0;
1630 env->spr[SPR_BOOKE_DEAR] = address;
1631 env->spr[SPR_BOOKE_ESR] = rw ? ESR_ST : 0;
1633 case POWERPC_MMU_REAL:
1634 cpu_abort(cs, "PowerPC in real mode should never raise "
1635 "any MMU exceptions\n");
1638 cpu_abort(cs, "Unknown or invalid MMU model\n");
1643 /* Access rights violation */
1644 cs->exception_index = POWERPC_EXCP_DSI;
1645 env->error_code = 0;
1646 if (env->mmu_model == POWERPC_MMU_SOFT_4xx
1647 || env->mmu_model == POWERPC_MMU_SOFT_4xx_Z) {
1648 env->spr[SPR_40x_DEAR] = address;
1650 env->spr[SPR_40x_ESR] |= 0x00800000;
1652 } else if ((env->mmu_model == POWERPC_MMU_BOOKE) ||
1653 (env->mmu_model == POWERPC_MMU_BOOKE206)) {
1654 env->spr[SPR_BOOKE_DEAR] = address;
1655 env->spr[SPR_BOOKE_ESR] = rw ? ESR_ST : 0;
1657 env->spr[SPR_DAR] = address;
1659 env->spr[SPR_DSISR] = 0x0A000000;
1661 env->spr[SPR_DSISR] = 0x08000000;
1666 /* Direct store exception */
1667 switch (access_type) {
1669 /* Floating point load/store */
1670 cs->exception_index = POWERPC_EXCP_ALIGN;
1671 env->error_code = POWERPC_EXCP_ALIGN_FP;
1672 env->spr[SPR_DAR] = address;
1675 /* lwarx, ldarx or stwcx. */
1676 cs->exception_index = POWERPC_EXCP_DSI;
1677 env->error_code = 0;
1678 env->spr[SPR_DAR] = address;
1680 env->spr[SPR_DSISR] = 0x06000000;
1682 env->spr[SPR_DSISR] = 0x04000000;
1686 /* eciwx or ecowx */
1687 cs->exception_index = POWERPC_EXCP_DSI;
1688 env->error_code = 0;
1689 env->spr[SPR_DAR] = address;
1691 env->spr[SPR_DSISR] = 0x06100000;
1693 env->spr[SPR_DSISR] = 0x04100000;
1697 printf("DSI: invalid exception (%d)\n", ret);
1698 cs->exception_index = POWERPC_EXCP_PROGRAM;
1700 POWERPC_EXCP_INVAL | POWERPC_EXCP_INVAL_INVAL;
1701 env->spr[SPR_DAR] = address;
1708 printf("%s: set exception to %d %02x\n", __func__,
1709 cs->exception, env->error_code);
1717 /*****************************************************************************/
1718 /* BATs management */
1719 #if !defined(FLUSH_ALL_TLBS)
1720 static inline void do_invalidate_BAT(CPUPPCState *env, target_ulong BATu,
1723 CPUState *cs = CPU(ppc_env_get_cpu(env));
1724 target_ulong base, end, page;
1726 base = BATu & ~0x0001FFFF;
1727 end = base + mask + 0x00020000;
1728 LOG_BATS("Flush BAT from " TARGET_FMT_lx " to " TARGET_FMT_lx " ("
1729 TARGET_FMT_lx ")\n", base, end, mask);
1730 for (page = base; page != end; page += TARGET_PAGE_SIZE) {
1731 tlb_flush_page(cs, page);
1733 LOG_BATS("Flush done\n");
1737 static inline void dump_store_bat(CPUPPCState *env, char ID, int ul, int nr,
1740 LOG_BATS("Set %cBAT%d%c to " TARGET_FMT_lx " (" TARGET_FMT_lx ")\n", ID,
1741 nr, ul == 0 ? 'u' : 'l', value, env->nip);
1744 void helper_store_ibatu(CPUPPCState *env, uint32_t nr, target_ulong value)
1748 dump_store_bat(env, 'I', 0, nr, value);
1749 if (env->IBAT[0][nr] != value) {
1750 mask = (value << 15) & 0x0FFE0000UL;
1751 #if !defined(FLUSH_ALL_TLBS)
1752 do_invalidate_BAT(env, env->IBAT[0][nr], mask);
1754 /* When storing valid upper BAT, mask BEPI and BRPN
1755 * and invalidate all TLBs covered by this BAT
1757 mask = (value << 15) & 0x0FFE0000UL;
1758 env->IBAT[0][nr] = (value & 0x00001FFFUL) |
1759 (value & ~0x0001FFFFUL & ~mask);
1760 env->IBAT[1][nr] = (env->IBAT[1][nr] & 0x0000007B) |
1761 (env->IBAT[1][nr] & ~0x0001FFFF & ~mask);
1762 #if !defined(FLUSH_ALL_TLBS)
1763 do_invalidate_BAT(env, env->IBAT[0][nr], mask);
1770 void helper_store_ibatl(CPUPPCState *env, uint32_t nr, target_ulong value)
1772 dump_store_bat(env, 'I', 1, nr, value);
1773 env->IBAT[1][nr] = value;
1776 void helper_store_dbatu(CPUPPCState *env, uint32_t nr, target_ulong value)
1780 dump_store_bat(env, 'D', 0, nr, value);
1781 if (env->DBAT[0][nr] != value) {
1782 /* When storing valid upper BAT, mask BEPI and BRPN
1783 * and invalidate all TLBs covered by this BAT
1785 mask = (value << 15) & 0x0FFE0000UL;
1786 #if !defined(FLUSH_ALL_TLBS)
1787 do_invalidate_BAT(env, env->DBAT[0][nr], mask);
1789 mask = (value << 15) & 0x0FFE0000UL;
1790 env->DBAT[0][nr] = (value & 0x00001FFFUL) |
1791 (value & ~0x0001FFFFUL & ~mask);
1792 env->DBAT[1][nr] = (env->DBAT[1][nr] & 0x0000007B) |
1793 (env->DBAT[1][nr] & ~0x0001FFFF & ~mask);
1794 #if !defined(FLUSH_ALL_TLBS)
1795 do_invalidate_BAT(env, env->DBAT[0][nr], mask);
1802 void helper_store_dbatl(CPUPPCState *env, uint32_t nr, target_ulong value)
1804 dump_store_bat(env, 'D', 1, nr, value);
1805 env->DBAT[1][nr] = value;
1808 void helper_store_601_batu(CPUPPCState *env, uint32_t nr, target_ulong value)
1811 #if defined(FLUSH_ALL_TLBS)
1815 dump_store_bat(env, 'I', 0, nr, value);
1816 if (env->IBAT[0][nr] != value) {
1817 #if defined(FLUSH_ALL_TLBS)
1820 mask = (env->IBAT[1][nr] << 17) & 0x0FFE0000UL;
1821 if (env->IBAT[1][nr] & 0x40) {
1822 /* Invalidate BAT only if it is valid */
1823 #if !defined(FLUSH_ALL_TLBS)
1824 do_invalidate_BAT(env, env->IBAT[0][nr], mask);
1829 /* When storing valid upper BAT, mask BEPI and BRPN
1830 * and invalidate all TLBs covered by this BAT
1832 env->IBAT[0][nr] = (value & 0x00001FFFUL) |
1833 (value & ~0x0001FFFFUL & ~mask);
1834 env->DBAT[0][nr] = env->IBAT[0][nr];
1835 if (env->IBAT[1][nr] & 0x40) {
1836 #if !defined(FLUSH_ALL_TLBS)
1837 do_invalidate_BAT(env, env->IBAT[0][nr], mask);
1842 #if defined(FLUSH_ALL_TLBS)
1850 void helper_store_601_batl(CPUPPCState *env, uint32_t nr, target_ulong value)
1852 #if !defined(FLUSH_ALL_TLBS)
1858 dump_store_bat(env, 'I', 1, nr, value);
1859 if (env->IBAT[1][nr] != value) {
1860 #if defined(FLUSH_ALL_TLBS)
1863 if (env->IBAT[1][nr] & 0x40) {
1864 #if !defined(FLUSH_ALL_TLBS)
1865 mask = (env->IBAT[1][nr] << 17) & 0x0FFE0000UL;
1866 do_invalidate_BAT(env, env->IBAT[0][nr], mask);
1872 #if !defined(FLUSH_ALL_TLBS)
1873 mask = (value << 17) & 0x0FFE0000UL;
1874 do_invalidate_BAT(env, env->IBAT[0][nr], mask);
1879 env->IBAT[1][nr] = value;
1880 env->DBAT[1][nr] = value;
1881 #if defined(FLUSH_ALL_TLBS)
1889 /*****************************************************************************/
1890 /* TLB management */
1891 void ppc_tlb_invalidate_all(CPUPPCState *env)
1893 PowerPCCPU *cpu = ppc_env_get_cpu(env);
1895 switch (env->mmu_model) {
1896 case POWERPC_MMU_SOFT_6xx:
1897 case POWERPC_MMU_SOFT_74xx:
1898 ppc6xx_tlb_invalidate_all(env);
1900 case POWERPC_MMU_SOFT_4xx:
1901 case POWERPC_MMU_SOFT_4xx_Z:
1902 ppc4xx_tlb_invalidate_all(env);
1904 case POWERPC_MMU_REAL:
1905 cpu_abort(CPU(cpu), "No TLB for PowerPC 4xx in real mode\n");
1907 case POWERPC_MMU_MPC8xx:
1909 cpu_abort(CPU(cpu), "MPC8xx MMU model is not implemented\n");
1911 case POWERPC_MMU_BOOKE:
1912 tlb_flush(CPU(cpu), 1);
1914 case POWERPC_MMU_BOOKE206:
1915 booke206_flush_tlb(env, -1, 0);
1917 case POWERPC_MMU_32B:
1918 case POWERPC_MMU_601:
1919 #if defined(TARGET_PPC64)
1920 case POWERPC_MMU_64B:
1921 case POWERPC_MMU_2_03:
1922 case POWERPC_MMU_2_06:
1923 case POWERPC_MMU_2_06a:
1924 case POWERPC_MMU_2_07:
1925 case POWERPC_MMU_2_07a:
1926 #endif /* defined(TARGET_PPC64) */
1927 tlb_flush(CPU(cpu), 1);
1931 cpu_abort(CPU(cpu), "Unknown MMU model\n");
1936 void ppc_tlb_invalidate_one(CPUPPCState *env, target_ulong addr)
1938 #if !defined(FLUSH_ALL_TLBS)
1939 PowerPCCPU *cpu = ppc_env_get_cpu(env);
1942 addr &= TARGET_PAGE_MASK;
1943 switch (env->mmu_model) {
1944 case POWERPC_MMU_SOFT_6xx:
1945 case POWERPC_MMU_SOFT_74xx:
1946 ppc6xx_tlb_invalidate_virt(env, addr, 0);
1947 if (env->id_tlbs == 1) {
1948 ppc6xx_tlb_invalidate_virt(env, addr, 1);
1951 case POWERPC_MMU_32B:
1952 case POWERPC_MMU_601:
1953 /* tlbie invalidate TLBs for all segments */
1954 addr &= ~((target_ulong)-1ULL << 28);
1956 /* XXX: this case should be optimized,
1957 * giving a mask to tlb_flush_page
1959 tlb_flush_page(cs, addr | (0x0 << 28));
1960 tlb_flush_page(cs, addr | (0x1 << 28));
1961 tlb_flush_page(cs, addr | (0x2 << 28));
1962 tlb_flush_page(cs, addr | (0x3 << 28));
1963 tlb_flush_page(cs, addr | (0x4 << 28));
1964 tlb_flush_page(cs, addr | (0x5 << 28));
1965 tlb_flush_page(cs, addr | (0x6 << 28));
1966 tlb_flush_page(cs, addr | (0x7 << 28));
1967 tlb_flush_page(cs, addr | (0x8 << 28));
1968 tlb_flush_page(cs, addr | (0x9 << 28));
1969 tlb_flush_page(cs, addr | (0xA << 28));
1970 tlb_flush_page(cs, addr | (0xB << 28));
1971 tlb_flush_page(cs, addr | (0xC << 28));
1972 tlb_flush_page(cs, addr | (0xD << 28));
1973 tlb_flush_page(cs, addr | (0xE << 28));
1974 tlb_flush_page(cs, addr | (0xF << 28));
1976 #if defined(TARGET_PPC64)
1977 case POWERPC_MMU_64B:
1978 case POWERPC_MMU_2_03:
1979 case POWERPC_MMU_2_06:
1980 case POWERPC_MMU_2_06a:
1981 case POWERPC_MMU_2_07:
1982 case POWERPC_MMU_2_07a:
1983 /* tlbie invalidate TLBs for all segments */
1984 /* XXX: given the fact that there are too many segments to invalidate,
1985 * and we still don't have a tlb_flush_mask(env, n, mask) in QEMU,
1986 * we just invalidate all TLBs
1988 tlb_flush(CPU(cpu), 1);
1990 #endif /* defined(TARGET_PPC64) */
1992 /* Should never reach here with other MMU models */
1996 ppc_tlb_invalidate_all(env);
2000 /*****************************************************************************/
2001 /* Special registers manipulation */
2002 void ppc_store_sdr1(CPUPPCState *env, target_ulong value)
2004 qemu_log_mask(CPU_LOG_MMU, "%s: " TARGET_FMT_lx "\n", __func__, value);
2005 assert(!env->external_htab);
2006 env->spr[SPR_SDR1] = value;
2007 #if defined(TARGET_PPC64)
2008 if (env->mmu_model & POWERPC_MMU_64) {
2009 PowerPCCPU *cpu = ppc_env_get_cpu(env);
2010 Error *local_err = NULL;
2012 ppc_hash64_set_sdr1(cpu, value, &local_err);
2014 error_report_err(local_err);
2015 error_free(local_err);
2018 #endif /* defined(TARGET_PPC64) */
2020 /* FIXME: Should check for valid HTABMASK values */
2021 env->htab_mask = ((value & SDR_32_HTABMASK) << 16) | 0xFFFF;
2022 env->htab_base = value & SDR_32_HTABORG;
2026 /* Segment registers load and store */
2027 target_ulong helper_load_sr(CPUPPCState *env, target_ulong sr_num)
2029 #if defined(TARGET_PPC64)
2030 if (env->mmu_model & POWERPC_MMU_64) {
2035 return env->sr[sr_num];
2038 void helper_store_sr(CPUPPCState *env, target_ulong srnum, target_ulong value)
2040 PowerPCCPU *cpu = ppc_env_get_cpu(env);
2042 qemu_log_mask(CPU_LOG_MMU,
2043 "%s: reg=%d " TARGET_FMT_lx " " TARGET_FMT_lx "\n", __func__,
2044 (int)srnum, value, env->sr[srnum]);
2045 #if defined(TARGET_PPC64)
2046 if (env->mmu_model & POWERPC_MMU_64) {
2047 uint64_t esid, vsid;
2050 esid = ((uint64_t)(srnum & 0xf) << 28) | SLB_ESID_V;
2053 vsid = (value & 0xfffffff) << 12;
2055 vsid |= ((value >> 27) & 0xf) << 8;
2057 ppc_store_slb(cpu, srnum, esid, vsid);
2060 if (env->sr[srnum] != value) {
2061 env->sr[srnum] = value;
2062 /* Invalidating 256MB of virtual memory in 4kB pages is way longer than
2063 flusing the whole TLB. */
2064 #if !defined(FLUSH_ALL_TLBS) && 0
2066 target_ulong page, end;
2067 /* Invalidate 256 MB of virtual memory */
2068 page = (16 << 20) * srnum;
2069 end = page + (16 << 20);
2070 for (; page != end; page += TARGET_PAGE_SIZE) {
2071 tlb_flush_page(CPU(cpu), page);
2075 tlb_flush(CPU(cpu), 1);
2080 /* TLB management */
2081 void helper_tlbia(CPUPPCState *env)
2083 ppc_tlb_invalidate_all(env);
2086 void helper_tlbie(CPUPPCState *env, target_ulong addr)
2088 ppc_tlb_invalidate_one(env, addr);
2091 void helper_tlbiva(CPUPPCState *env, target_ulong addr)
2093 PowerPCCPU *cpu = ppc_env_get_cpu(env);
2095 /* tlbiva instruction only exists on BookE */
2096 assert(env->mmu_model == POWERPC_MMU_BOOKE);
2098 cpu_abort(CPU(cpu), "BookE MMU model is not implemented\n");
2101 /* Software driven TLBs management */
2102 /* PowerPC 602/603 software TLB load instructions helpers */
2103 static void do_6xx_tlb(CPUPPCState *env, target_ulong new_EPN, int is_code)
2105 target_ulong RPN, CMP, EPN;
2108 RPN = env->spr[SPR_RPA];
2110 CMP = env->spr[SPR_ICMP];
2111 EPN = env->spr[SPR_IMISS];
2113 CMP = env->spr[SPR_DCMP];
2114 EPN = env->spr[SPR_DMISS];
2116 way = (env->spr[SPR_SRR1] >> 17) & 1;
2117 (void)EPN; /* avoid a compiler warning */
2118 LOG_SWTLB("%s: EPN " TARGET_FMT_lx " " TARGET_FMT_lx " PTE0 " TARGET_FMT_lx
2119 " PTE1 " TARGET_FMT_lx " way %d\n", __func__, new_EPN, EPN, CMP,
2121 /* Store this TLB */
2122 ppc6xx_tlb_store(env, (uint32_t)(new_EPN & TARGET_PAGE_MASK),
2123 way, is_code, CMP, RPN);
2126 void helper_6xx_tlbd(CPUPPCState *env, target_ulong EPN)
2128 do_6xx_tlb(env, EPN, 0);
2131 void helper_6xx_tlbi(CPUPPCState *env, target_ulong EPN)
2133 do_6xx_tlb(env, EPN, 1);
2136 /* PowerPC 74xx software TLB load instructions helpers */
2137 static void do_74xx_tlb(CPUPPCState *env, target_ulong new_EPN, int is_code)
2139 target_ulong RPN, CMP, EPN;
2142 RPN = env->spr[SPR_PTELO];
2143 CMP = env->spr[SPR_PTEHI];
2144 EPN = env->spr[SPR_TLBMISS] & ~0x3;
2145 way = env->spr[SPR_TLBMISS] & 0x3;
2146 (void)EPN; /* avoid a compiler warning */
2147 LOG_SWTLB("%s: EPN " TARGET_FMT_lx " " TARGET_FMT_lx " PTE0 " TARGET_FMT_lx
2148 " PTE1 " TARGET_FMT_lx " way %d\n", __func__, new_EPN, EPN, CMP,
2150 /* Store this TLB */
2151 ppc6xx_tlb_store(env, (uint32_t)(new_EPN & TARGET_PAGE_MASK),
2152 way, is_code, CMP, RPN);
2155 void helper_74xx_tlbd(CPUPPCState *env, target_ulong EPN)
2157 do_74xx_tlb(env, EPN, 0);
2160 void helper_74xx_tlbi(CPUPPCState *env, target_ulong EPN)
2162 do_74xx_tlb(env, EPN, 1);
2165 /*****************************************************************************/
2166 /* PowerPC 601 specific instructions (POWER bridge) */
2168 target_ulong helper_rac(CPUPPCState *env, target_ulong addr)
2172 target_ulong ret = 0;
2174 /* We don't have to generate many instances of this instruction,
2175 * as rac is supervisor only.
2177 /* XXX: FIX THIS: Pretend we have no BAT */
2178 nb_BATs = env->nb_BATs;
2180 if (get_physical_address(env, &ctx, addr, 0, ACCESS_INT) == 0) {
2183 env->nb_BATs = nb_BATs;
2187 static inline target_ulong booke_tlb_to_page_size(int size)
2189 return 1024 << (2 * size);
2192 static inline int booke_page_size_to_tlb(target_ulong page_size)
2196 switch (page_size) {
2230 #if defined(TARGET_PPC64)
2231 case 0x000100000000ULL:
2234 case 0x000400000000ULL:
2237 case 0x001000000000ULL:
2240 case 0x004000000000ULL:
2243 case 0x010000000000ULL:
2255 /* Helpers for 4xx TLB management */
2256 #define PPC4XX_TLB_ENTRY_MASK 0x0000003f /* Mask for 64 TLB entries */
2258 #define PPC4XX_TLBHI_V 0x00000040
2259 #define PPC4XX_TLBHI_E 0x00000020
2260 #define PPC4XX_TLBHI_SIZE_MIN 0
2261 #define PPC4XX_TLBHI_SIZE_MAX 7
2262 #define PPC4XX_TLBHI_SIZE_DEFAULT 1
2263 #define PPC4XX_TLBHI_SIZE_SHIFT 7
2264 #define PPC4XX_TLBHI_SIZE_MASK 0x00000007
2266 #define PPC4XX_TLBLO_EX 0x00000200
2267 #define PPC4XX_TLBLO_WR 0x00000100
2268 #define PPC4XX_TLBLO_ATTR_MASK 0x000000FF
2269 #define PPC4XX_TLBLO_RPN_MASK 0xFFFFFC00
2271 target_ulong helper_4xx_tlbre_hi(CPUPPCState *env, target_ulong entry)
2277 entry &= PPC4XX_TLB_ENTRY_MASK;
2278 tlb = &env->tlb.tlbe[entry];
2280 if (tlb->prot & PAGE_VALID) {
2281 ret |= PPC4XX_TLBHI_V;
2283 size = booke_page_size_to_tlb(tlb->size);
2284 if (size < PPC4XX_TLBHI_SIZE_MIN || size > PPC4XX_TLBHI_SIZE_MAX) {
2285 size = PPC4XX_TLBHI_SIZE_DEFAULT;
2287 ret |= size << PPC4XX_TLBHI_SIZE_SHIFT;
2288 env->spr[SPR_40x_PID] = tlb->PID;
2292 target_ulong helper_4xx_tlbre_lo(CPUPPCState *env, target_ulong entry)
2297 entry &= PPC4XX_TLB_ENTRY_MASK;
2298 tlb = &env->tlb.tlbe[entry];
2300 if (tlb->prot & PAGE_EXEC) {
2301 ret |= PPC4XX_TLBLO_EX;
2303 if (tlb->prot & PAGE_WRITE) {
2304 ret |= PPC4XX_TLBLO_WR;
2309 void helper_4xx_tlbwe_hi(CPUPPCState *env, target_ulong entry,
2312 PowerPCCPU *cpu = ppc_env_get_cpu(env);
2313 CPUState *cs = CPU(cpu);
2315 target_ulong page, end;
2317 LOG_SWTLB("%s entry %d val " TARGET_FMT_lx "\n", __func__, (int)entry,
2319 entry &= PPC4XX_TLB_ENTRY_MASK;
2320 tlb = &env->tlb.tlbe[entry];
2321 /* Invalidate previous TLB (if it's valid) */
2322 if (tlb->prot & PAGE_VALID) {
2323 end = tlb->EPN + tlb->size;
2324 LOG_SWTLB("%s: invalidate old TLB %d start " TARGET_FMT_lx " end "
2325 TARGET_FMT_lx "\n", __func__, (int)entry, tlb->EPN, end);
2326 for (page = tlb->EPN; page < end; page += TARGET_PAGE_SIZE) {
2327 tlb_flush_page(cs, page);
2330 tlb->size = booke_tlb_to_page_size((val >> PPC4XX_TLBHI_SIZE_SHIFT)
2331 & PPC4XX_TLBHI_SIZE_MASK);
2332 /* We cannot handle TLB size < TARGET_PAGE_SIZE.
2333 * If this ever occurs, one should use the ppcemb target instead
2334 * of the ppc or ppc64 one
2336 if ((val & PPC4XX_TLBHI_V) && tlb->size < TARGET_PAGE_SIZE) {
2337 cpu_abort(cs, "TLB size " TARGET_FMT_lu " < %u "
2338 "are not supported (%d)\n",
2339 tlb->size, TARGET_PAGE_SIZE, (int)((val >> 7) & 0x7));
2341 tlb->EPN = val & ~(tlb->size - 1);
2342 if (val & PPC4XX_TLBHI_V) {
2343 tlb->prot |= PAGE_VALID;
2344 if (val & PPC4XX_TLBHI_E) {
2345 /* XXX: TO BE FIXED */
2347 "Little-endian TLB entries are not supported by now\n");
2350 tlb->prot &= ~PAGE_VALID;
2352 tlb->PID = env->spr[SPR_40x_PID]; /* PID */
2353 LOG_SWTLB("%s: set up TLB %d RPN " TARGET_FMT_plx " EPN " TARGET_FMT_lx
2354 " size " TARGET_FMT_lx " prot %c%c%c%c PID %d\n", __func__,
2355 (int)entry, tlb->RPN, tlb->EPN, tlb->size,
2356 tlb->prot & PAGE_READ ? 'r' : '-',
2357 tlb->prot & PAGE_WRITE ? 'w' : '-',
2358 tlb->prot & PAGE_EXEC ? 'x' : '-',
2359 tlb->prot & PAGE_VALID ? 'v' : '-', (int)tlb->PID);
2360 /* Invalidate new TLB (if valid) */
2361 if (tlb->prot & PAGE_VALID) {
2362 end = tlb->EPN + tlb->size;
2363 LOG_SWTLB("%s: invalidate TLB %d start " TARGET_FMT_lx " end "
2364 TARGET_FMT_lx "\n", __func__, (int)entry, tlb->EPN, end);
2365 for (page = tlb->EPN; page < end; page += TARGET_PAGE_SIZE) {
2366 tlb_flush_page(cs, page);
2371 void helper_4xx_tlbwe_lo(CPUPPCState *env, target_ulong entry,
2376 LOG_SWTLB("%s entry %i val " TARGET_FMT_lx "\n", __func__, (int)entry,
2378 entry &= PPC4XX_TLB_ENTRY_MASK;
2379 tlb = &env->tlb.tlbe[entry];
2380 tlb->attr = val & PPC4XX_TLBLO_ATTR_MASK;
2381 tlb->RPN = val & PPC4XX_TLBLO_RPN_MASK;
2382 tlb->prot = PAGE_READ;
2383 if (val & PPC4XX_TLBLO_EX) {
2384 tlb->prot |= PAGE_EXEC;
2386 if (val & PPC4XX_TLBLO_WR) {
2387 tlb->prot |= PAGE_WRITE;
2389 LOG_SWTLB("%s: set up TLB %d RPN " TARGET_FMT_plx " EPN " TARGET_FMT_lx
2390 " size " TARGET_FMT_lx " prot %c%c%c%c PID %d\n", __func__,
2391 (int)entry, tlb->RPN, tlb->EPN, tlb->size,
2392 tlb->prot & PAGE_READ ? 'r' : '-',
2393 tlb->prot & PAGE_WRITE ? 'w' : '-',
2394 tlb->prot & PAGE_EXEC ? 'x' : '-',
2395 tlb->prot & PAGE_VALID ? 'v' : '-', (int)tlb->PID);
2398 target_ulong helper_4xx_tlbsx(CPUPPCState *env, target_ulong address)
2400 return ppcemb_tlb_search(env, address, env->spr[SPR_40x_PID]);
2403 /* PowerPC 440 TLB management */
2404 void helper_440_tlbwe(CPUPPCState *env, uint32_t word, target_ulong entry,
2407 PowerPCCPU *cpu = ppc_env_get_cpu(env);
2409 target_ulong EPN, RPN, size;
2412 LOG_SWTLB("%s word %d entry %d value " TARGET_FMT_lx "\n",
2413 __func__, word, (int)entry, value);
2416 tlb = &env->tlb.tlbe[entry];
2419 /* Just here to please gcc */
2421 EPN = value & 0xFFFFFC00;
2422 if ((tlb->prot & PAGE_VALID) && EPN != tlb->EPN) {
2426 size = booke_tlb_to_page_size((value >> 4) & 0xF);
2427 if ((tlb->prot & PAGE_VALID) && tlb->size < size) {
2432 tlb->attr |= (value >> 8) & 1;
2433 if (value & 0x200) {
2434 tlb->prot |= PAGE_VALID;
2436 if (tlb->prot & PAGE_VALID) {
2437 tlb->prot &= ~PAGE_VALID;
2441 tlb->PID = env->spr[SPR_440_MMUCR] & 0x000000FF;
2442 if (do_flush_tlbs) {
2443 tlb_flush(CPU(cpu), 1);
2447 RPN = value & 0xFFFFFC0F;
2448 if ((tlb->prot & PAGE_VALID) && tlb->RPN != RPN) {
2449 tlb_flush(CPU(cpu), 1);
2454 tlb->attr = (tlb->attr & 0x1) | (value & 0x0000FF00);
2455 tlb->prot = tlb->prot & PAGE_VALID;
2457 tlb->prot |= PAGE_READ << 4;
2460 tlb->prot |= PAGE_WRITE << 4;
2463 tlb->prot |= PAGE_EXEC << 4;
2466 tlb->prot |= PAGE_READ;
2469 tlb->prot |= PAGE_WRITE;
2472 tlb->prot |= PAGE_EXEC;
2478 target_ulong helper_440_tlbre(CPUPPCState *env, uint32_t word,
2486 tlb = &env->tlb.tlbe[entry];
2489 /* Just here to please gcc */
2492 size = booke_page_size_to_tlb(tlb->size);
2493 if (size < 0 || size > 0xF) {
2497 if (tlb->attr & 0x1) {
2500 if (tlb->prot & PAGE_VALID) {
2503 env->spr[SPR_440_MMUCR] &= ~0x000000FF;
2504 env->spr[SPR_440_MMUCR] |= tlb->PID;
2510 ret = tlb->attr & ~0x1;
2511 if (tlb->prot & (PAGE_READ << 4)) {
2514 if (tlb->prot & (PAGE_WRITE << 4)) {
2517 if (tlb->prot & (PAGE_EXEC << 4)) {
2520 if (tlb->prot & PAGE_READ) {
2523 if (tlb->prot & PAGE_WRITE) {
2526 if (tlb->prot & PAGE_EXEC) {
2534 target_ulong helper_440_tlbsx(CPUPPCState *env, target_ulong address)
2536 return ppcemb_tlb_search(env, address, env->spr[SPR_440_MMUCR] & 0xFF);
2539 /* PowerPC BookE 2.06 TLB management */
2541 static ppcmas_tlb_t *booke206_cur_tlb(CPUPPCState *env)
2543 PowerPCCPU *cpu = ppc_env_get_cpu(env);
2544 uint32_t tlbncfg = 0;
2545 int esel = (env->spr[SPR_BOOKE_MAS0] & MAS0_ESEL_MASK) >> MAS0_ESEL_SHIFT;
2546 int ea = (env->spr[SPR_BOOKE_MAS2] & MAS2_EPN_MASK);
2549 tlb = (env->spr[SPR_BOOKE_MAS0] & MAS0_TLBSEL_MASK) >> MAS0_TLBSEL_SHIFT;
2550 tlbncfg = env->spr[SPR_BOOKE_TLB0CFG + tlb];
2552 if ((tlbncfg & TLBnCFG_HES) && (env->spr[SPR_BOOKE_MAS0] & MAS0_HES)) {
2553 cpu_abort(CPU(cpu), "we don't support HES yet\n");
2556 return booke206_get_tlbm(env, tlb, ea, esel);
2559 void helper_booke_setpid(CPUPPCState *env, uint32_t pidn, target_ulong pid)
2561 PowerPCCPU *cpu = ppc_env_get_cpu(env);
2563 env->spr[pidn] = pid;
2564 /* changing PIDs mean we're in a different address space now */
2565 tlb_flush(CPU(cpu), 1);
2568 void helper_booke206_tlbwe(CPUPPCState *env)
2570 PowerPCCPU *cpu = ppc_env_get_cpu(env);
2571 uint32_t tlbncfg, tlbn;
2573 uint32_t size_tlb, size_ps;
2577 switch (env->spr[SPR_BOOKE_MAS0] & MAS0_WQ_MASK) {
2578 case MAS0_WQ_ALWAYS:
2579 /* good to go, write that entry */
2582 /* XXX check if reserved */
2587 case MAS0_WQ_CLR_RSRV:
2588 /* XXX clear entry */
2591 /* no idea what to do */
2595 if (((env->spr[SPR_BOOKE_MAS0] & MAS0_ATSEL) == MAS0_ATSEL_LRAT) &&
2597 /* XXX we don't support direct LRAT setting yet */
2598 fprintf(stderr, "cpu: don't support LRAT setting yet\n");
2602 tlbn = (env->spr[SPR_BOOKE_MAS0] & MAS0_TLBSEL_MASK) >> MAS0_TLBSEL_SHIFT;
2603 tlbncfg = env->spr[SPR_BOOKE_TLB0CFG + tlbn];
2605 tlb = booke206_cur_tlb(env);
2608 helper_raise_exception_err(env, POWERPC_EXCP_PROGRAM,
2609 POWERPC_EXCP_INVAL |
2610 POWERPC_EXCP_INVAL_INVAL);
2613 /* check that we support the targeted size */
2614 size_tlb = (env->spr[SPR_BOOKE_MAS1] & MAS1_TSIZE_MASK) >> MAS1_TSIZE_SHIFT;
2615 size_ps = booke206_tlbnps(env, tlbn);
2616 if ((env->spr[SPR_BOOKE_MAS1] & MAS1_VALID) && (tlbncfg & TLBnCFG_AVAIL) &&
2617 !(size_ps & (1 << size_tlb))) {
2618 helper_raise_exception_err(env, POWERPC_EXCP_PROGRAM,
2619 POWERPC_EXCP_INVAL |
2620 POWERPC_EXCP_INVAL_INVAL);
2624 cpu_abort(CPU(cpu), "missing HV implementation\n");
2626 tlb->mas7_3 = ((uint64_t)env->spr[SPR_BOOKE_MAS7] << 32) |
2627 env->spr[SPR_BOOKE_MAS3];
2628 tlb->mas1 = env->spr[SPR_BOOKE_MAS1];
2631 if (!(tlbncfg & TLBnCFG_AVAIL)) {
2632 /* force !AVAIL TLB entries to correct page size */
2633 tlb->mas1 &= ~MAS1_TSIZE_MASK;
2634 /* XXX can be configured in MMUCSR0 */
2635 tlb->mas1 |= (tlbncfg & TLBnCFG_MINSIZE) >> 12;
2638 /* Make a mask from TLB size to discard invalid bits in EPN field */
2639 mask = ~(booke206_tlb_to_page_size(env, tlb) - 1);
2640 /* Add a mask for page attributes */
2641 mask |= MAS2_ACM | MAS2_VLE | MAS2_W | MAS2_I | MAS2_M | MAS2_G | MAS2_E;
2644 /* Executing a tlbwe instruction in 32-bit mode will set
2645 * bits 0:31 of the TLB EPN field to zero.
2650 tlb->mas2 = env->spr[SPR_BOOKE_MAS2] & mask;
2652 if (!(tlbncfg & TLBnCFG_IPROT)) {
2653 /* no IPROT supported by TLB */
2654 tlb->mas1 &= ~MAS1_IPROT;
2657 if (booke206_tlb_to_page_size(env, tlb) == TARGET_PAGE_SIZE) {
2658 tlb_flush_page(CPU(cpu), tlb->mas2 & MAS2_EPN_MASK);
2660 tlb_flush(CPU(cpu), 1);
2664 static inline void booke206_tlb_to_mas(CPUPPCState *env, ppcmas_tlb_t *tlb)
2666 int tlbn = booke206_tlbm_to_tlbn(env, tlb);
2667 int way = booke206_tlbm_to_way(env, tlb);
2669 env->spr[SPR_BOOKE_MAS0] = tlbn << MAS0_TLBSEL_SHIFT;
2670 env->spr[SPR_BOOKE_MAS0] |= way << MAS0_ESEL_SHIFT;
2671 env->spr[SPR_BOOKE_MAS0] |= env->last_way << MAS0_NV_SHIFT;
2673 env->spr[SPR_BOOKE_MAS1] = tlb->mas1;
2674 env->spr[SPR_BOOKE_MAS2] = tlb->mas2;
2675 env->spr[SPR_BOOKE_MAS3] = tlb->mas7_3;
2676 env->spr[SPR_BOOKE_MAS7] = tlb->mas7_3 >> 32;
2679 void helper_booke206_tlbre(CPUPPCState *env)
2681 ppcmas_tlb_t *tlb = NULL;
2683 tlb = booke206_cur_tlb(env);
2685 env->spr[SPR_BOOKE_MAS1] = 0;
2687 booke206_tlb_to_mas(env, tlb);
2691 void helper_booke206_tlbsx(CPUPPCState *env, target_ulong address)
2693 ppcmas_tlb_t *tlb = NULL;
2698 spid = (env->spr[SPR_BOOKE_MAS6] & MAS6_SPID_MASK) >> MAS6_SPID_SHIFT;
2699 sas = env->spr[SPR_BOOKE_MAS6] & MAS6_SAS;
2701 for (i = 0; i < BOOKE206_MAX_TLBN; i++) {
2702 int ways = booke206_tlb_ways(env, i);
2704 for (j = 0; j < ways; j++) {
2705 tlb = booke206_get_tlbm(env, i, address, j);
2711 if (ppcmas_tlb_check(env, tlb, &raddr, address, spid)) {
2715 if (sas != ((tlb->mas1 & MAS1_TS) >> MAS1_TS_SHIFT)) {
2719 booke206_tlb_to_mas(env, tlb);
2724 /* no entry found, fill with defaults */
2725 env->spr[SPR_BOOKE_MAS0] = env->spr[SPR_BOOKE_MAS4] & MAS4_TLBSELD_MASK;
2726 env->spr[SPR_BOOKE_MAS1] = env->spr[SPR_BOOKE_MAS4] & MAS4_TSIZED_MASK;
2727 env->spr[SPR_BOOKE_MAS2] = env->spr[SPR_BOOKE_MAS4] & MAS4_WIMGED_MASK;
2728 env->spr[SPR_BOOKE_MAS3] = 0;
2729 env->spr[SPR_BOOKE_MAS7] = 0;
2731 if (env->spr[SPR_BOOKE_MAS6] & MAS6_SAS) {
2732 env->spr[SPR_BOOKE_MAS1] |= MAS1_TS;
2735 env->spr[SPR_BOOKE_MAS1] |= (env->spr[SPR_BOOKE_MAS6] >> 16)
2738 /* next victim logic */
2739 env->spr[SPR_BOOKE_MAS0] |= env->last_way << MAS0_ESEL_SHIFT;
2741 env->last_way &= booke206_tlb_ways(env, 0) - 1;
2742 env->spr[SPR_BOOKE_MAS0] |= env->last_way << MAS0_NV_SHIFT;
2745 static inline void booke206_invalidate_ea_tlb(CPUPPCState *env, int tlbn,
2749 int ways = booke206_tlb_ways(env, tlbn);
2752 for (i = 0; i < ways; i++) {
2753 ppcmas_tlb_t *tlb = booke206_get_tlbm(env, tlbn, ea, i);
2757 mask = ~(booke206_tlb_to_page_size(env, tlb) - 1);
2758 if (((tlb->mas2 & MAS2_EPN_MASK) == (ea & mask)) &&
2759 !(tlb->mas1 & MAS1_IPROT)) {
2760 tlb->mas1 &= ~MAS1_VALID;
2765 void helper_booke206_tlbivax(CPUPPCState *env, target_ulong address)
2767 PowerPCCPU *cpu = ppc_env_get_cpu(env);
2769 if (address & 0x4) {
2770 /* flush all entries */
2771 if (address & 0x8) {
2772 /* flush all of TLB1 */
2773 booke206_flush_tlb(env, BOOKE206_FLUSH_TLB1, 1);
2775 /* flush all of TLB0 */
2776 booke206_flush_tlb(env, BOOKE206_FLUSH_TLB0, 0);
2781 if (address & 0x8) {
2782 /* flush TLB1 entries */
2783 booke206_invalidate_ea_tlb(env, 1, address);
2784 tlb_flush(CPU(cpu), 1);
2786 /* flush TLB0 entries */
2787 booke206_invalidate_ea_tlb(env, 0, address);
2788 tlb_flush_page(CPU(cpu), address & MAS2_EPN_MASK);
2792 void helper_booke206_tlbilx0(CPUPPCState *env, target_ulong address)
2794 /* XXX missing LPID handling */
2795 booke206_flush_tlb(env, -1, 1);
2798 void helper_booke206_tlbilx1(CPUPPCState *env, target_ulong address)
2800 PowerPCCPU *cpu = ppc_env_get_cpu(env);
2802 int tid = (env->spr[SPR_BOOKE_MAS6] & MAS6_SPID);
2803 ppcmas_tlb_t *tlb = env->tlb.tlbm;
2806 /* XXX missing LPID handling */
2807 for (i = 0; i < BOOKE206_MAX_TLBN; i++) {
2808 tlb_size = booke206_tlb_size(env, i);
2809 for (j = 0; j < tlb_size; j++) {
2810 if (!(tlb[j].mas1 & MAS1_IPROT) &&
2811 ((tlb[j].mas1 & MAS1_TID_MASK) == tid)) {
2812 tlb[j].mas1 &= ~MAS1_VALID;
2815 tlb += booke206_tlb_size(env, i);
2817 tlb_flush(CPU(cpu), 1);
2820 void helper_booke206_tlbilx3(CPUPPCState *env, target_ulong address)
2822 PowerPCCPU *cpu = ppc_env_get_cpu(env);
2825 int tid = (env->spr[SPR_BOOKE_MAS6] & MAS6_SPID);
2826 int pid = tid >> MAS6_SPID_SHIFT;
2827 int sgs = env->spr[SPR_BOOKE_MAS5] & MAS5_SGS;
2828 int ind = (env->spr[SPR_BOOKE_MAS6] & MAS6_SIND) ? MAS1_IND : 0;
2829 /* XXX check for unsupported isize and raise an invalid opcode then */
2830 int size = env->spr[SPR_BOOKE_MAS6] & MAS6_ISIZE_MASK;
2831 /* XXX implement MAV2 handling */
2834 /* XXX missing LPID handling */
2835 /* flush by pid and ea */
2836 for (i = 0; i < BOOKE206_MAX_TLBN; i++) {
2837 int ways = booke206_tlb_ways(env, i);
2839 for (j = 0; j < ways; j++) {
2840 tlb = booke206_get_tlbm(env, i, address, j);
2844 if ((ppcmas_tlb_check(env, tlb, NULL, address, pid) != 0) ||
2845 (tlb->mas1 & MAS1_IPROT) ||
2846 ((tlb->mas1 & MAS1_IND) != ind) ||
2847 ((tlb->mas8 & MAS8_TGS) != sgs)) {
2850 if (mav2 && ((tlb->mas1 & MAS1_TSIZE_MASK) != size)) {
2851 /* XXX only check when MMUCFG[TWC] || TLBnCFG[HES] */
2854 /* XXX e500mc doesn't match SAS, but other cores might */
2855 tlb->mas1 &= ~MAS1_VALID;
2858 tlb_flush(CPU(cpu), 1);
2861 void helper_booke206_tlbflush(CPUPPCState *env, target_ulong type)
2866 flags |= BOOKE206_FLUSH_TLB1;
2870 flags |= BOOKE206_FLUSH_TLB0;
2873 booke206_flush_tlb(env, flags, 1);
2877 /*****************************************************************************/
2879 /* try to fill the TLB and return an exception if error. If retaddr is
2880 NULL, it means that the function was called in C code (i.e. not
2881 from generated code or from helper.c) */
2882 /* XXX: fix it to restore all registers */
2883 void tlb_fill(CPUState *cs, target_ulong addr, int is_write, int mmu_idx,
2886 PowerPCCPU *cpu = POWERPC_CPU(cs);
2887 PowerPCCPUClass *pcc = POWERPC_CPU_GET_CLASS(cs);
2888 CPUPPCState *env = &cpu->env;
2891 if (pcc->handle_mmu_fault) {
2892 ret = pcc->handle_mmu_fault(cpu, addr, is_write, mmu_idx);
2894 ret = cpu_ppc_handle_mmu_fault(env, addr, is_write, mmu_idx);
2896 if (unlikely(ret != 0)) {
2897 if (likely(retaddr)) {
2898 /* now we have a real cpu fault */
2899 cpu_restore_state(cs, retaddr);
2901 helper_raise_exception_err(env, cs->exception_index, env->error_code);
Code Review / kvmfornfv.git / blob