2
* MIPS emulation helpers for qemu.
4
* Copyright (c) 2004-2005 Jocelyn Mayer
6
* This library is free software; you can redistribute it and/or
7
* modify it under the terms of the GNU Lesser General Public
8
* License as published by the Free Software Foundation; either
9
* version 2 of the License, or (at your option) any later version.
11
* This library is distributed in the hope that it will be useful,
12
* but WITHOUT ANY WARRANTY; without even the implied warranty of
13
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14
* Lesser General Public License for more details.
16
* You should have received a copy of the GNU Lesser General Public
17
* License along with this library; if not, see <http://www.gnu.org/licenses/>.
36
#if !defined(CONFIG_USER_ONLY)
38
/* no MMU emulation */
39
int no_mmu_map_address (CPUState *env, target_phys_addr_t *physical, int *prot,
40
target_ulong address, int rw, int access_type)
43
*prot = PAGE_READ | PAGE_WRITE;
47
/* fixed mapping MMU emulation */
48
int fixed_mmu_map_address (CPUState *env, target_phys_addr_t *physical, int *prot,
49
target_ulong address, int rw, int access_type)
51
if (address <= (int32_t)0x7FFFFFFFUL) {
52
if (!(env->CP0_Status & (1 << CP0St_ERL)))
53
*physical = address + 0x40000000UL;
56
} else if (address <= (int32_t)0xBFFFFFFFUL)
57
*physical = address & 0x1FFFFFFF;
61
*prot = PAGE_READ | PAGE_WRITE;
65
/* MIPS32/MIPS64 R4000-style MMU emulation */
66
int r4k_map_address (CPUState *env, target_phys_addr_t *physical, int *prot,
67
target_ulong address, int rw, int access_type)
69
uint8_t ASID = env->CP0_EntryHi & 0xFF;
72
for (i = 0; i < env->tlb->tlb_in_use; i++) {
73
r4k_tlb_t *tlb = &env->tlb->mmu.r4k.tlb[i];
74
/* 1k pages are not supported. */
75
target_ulong mask = tlb->PageMask | ~(TARGET_PAGE_MASK << 1);
76
target_ulong tag = address & ~mask;
77
target_ulong VPN = tlb->VPN & ~mask;
78
#if defined(TARGET_MIPS64)
82
/* Check ASID, virtual page number & size */
83
if ((tlb->G == 1 || tlb->ASID == ASID) && VPN == tag) {
85
int n = !!(address & mask & ~(mask >> 1));
86
/* Check access rights */
87
if (!(n ? tlb->V1 : tlb->V0))
88
return TLBRET_INVALID;
89
if (rw == 0 || (n ? tlb->D1 : tlb->D0)) {
90
*physical = tlb->PFN[n] | (address & (mask >> 1));
92
if (n ? tlb->D1 : tlb->D0)
99
return TLBRET_NOMATCH;
102
static int get_physical_address (CPUState *env, target_phys_addr_t *physical,
103
int *prot, target_ulong address,
104
int rw, int access_type)
106
/* User mode can only access useg/xuseg */
107
int user_mode = (env->hflags & MIPS_HFLAG_MODE) == MIPS_HFLAG_UM;
108
int supervisor_mode = (env->hflags & MIPS_HFLAG_MODE) == MIPS_HFLAG_SM;
109
int kernel_mode = !user_mode && !supervisor_mode;
110
#if defined(TARGET_MIPS64)
111
int UX = (env->CP0_Status & (1 << CP0St_UX)) != 0;
112
int SX = (env->CP0_Status & (1 << CP0St_SX)) != 0;
113
int KX = (env->CP0_Status & (1 << CP0St_KX)) != 0;
115
int ret = TLBRET_MATCH;
118
qemu_log("user mode %d h %08x\n", user_mode, env->hflags);
121
if (address <= (int32_t)0x7FFFFFFFUL) {
123
if (env->CP0_Status & (1 << CP0St_ERL)) {
124
*physical = address & 0xFFFFFFFF;
125
*prot = PAGE_READ | PAGE_WRITE;
127
ret = env->tlb->map_address(env, physical, prot, address, rw, access_type);
129
#if defined(TARGET_MIPS64)
130
} else if (address < 0x4000000000000000ULL) {
132
if (UX && address <= (0x3FFFFFFFFFFFFFFFULL & env->SEGMask)) {
133
ret = env->tlb->map_address(env, physical, prot, address, rw, access_type);
135
ret = TLBRET_BADADDR;
137
} else if (address < 0x8000000000000000ULL) {
139
if ((supervisor_mode || kernel_mode) &&
140
SX && address <= (0x7FFFFFFFFFFFFFFFULL & env->SEGMask)) {
141
ret = env->tlb->map_address(env, physical, prot, address, rw, access_type);
143
ret = TLBRET_BADADDR;
145
} else if (address < 0xC000000000000000ULL) {
147
if (kernel_mode && KX &&
148
(address & 0x07FFFFFFFFFFFFFFULL) <= env->PAMask) {
149
*physical = address & env->PAMask;
150
*prot = PAGE_READ | PAGE_WRITE;
152
ret = TLBRET_BADADDR;
154
} else if (address < 0xFFFFFFFF80000000ULL) {
156
if (kernel_mode && KX &&
157
address <= (0xFFFFFFFF7FFFFFFFULL & env->SEGMask)) {
158
ret = env->tlb->map_address(env, physical, prot, address, rw, access_type);
160
ret = TLBRET_BADADDR;
163
} else if (address < (int32_t)0xA0000000UL) {
166
*physical = address - (int32_t)0x80000000UL;
167
*prot = PAGE_READ | PAGE_WRITE;
169
ret = TLBRET_BADADDR;
171
} else if (address < (int32_t)0xC0000000UL) {
174
*physical = address - (int32_t)0xA0000000UL;
175
*prot = PAGE_READ | PAGE_WRITE;
177
ret = TLBRET_BADADDR;
179
} else if (address < (int32_t)0xE0000000UL) {
181
if (supervisor_mode || kernel_mode) {
182
ret = env->tlb->map_address(env, physical, prot, address, rw, access_type);
184
ret = TLBRET_BADADDR;
188
/* XXX: debug segment is not emulated */
190
ret = env->tlb->map_address(env, physical, prot, address, rw, access_type);
192
ret = TLBRET_BADADDR;
196
qemu_log(TARGET_FMT_lx " %d %d => " TARGET_FMT_lx " %d (%d)\n",
197
address, rw, access_type, *physical, *prot, ret);
204
static void raise_mmu_exception(CPUState *env, target_ulong address,
205
int rw, int tlb_error)
207
int exception = 0, error_code = 0;
212
/* Reference to kernel address from user mode or supervisor mode */
213
/* Reference to supervisor address from user mode */
215
exception = EXCP_AdES;
217
exception = EXCP_AdEL;
220
/* No TLB match for a mapped address */
222
exception = EXCP_TLBS;
224
exception = EXCP_TLBL;
228
/* TLB match with no valid bit */
230
exception = EXCP_TLBS;
232
exception = EXCP_TLBL;
235
/* TLB match but 'D' bit is cleared */
236
exception = EXCP_LTLBL;
240
/* Raise exception */
241
env->CP0_BadVAddr = address;
242
env->CP0_Context = (env->CP0_Context & ~0x007fffff) |
243
((address >> 9) & 0x007ffff0);
245
(env->CP0_EntryHi & 0xFF) | (address & (TARGET_PAGE_MASK << 1));
246
#if defined(TARGET_MIPS64)
247
env->CP0_EntryHi &= env->SEGMask;
248
env->CP0_XContext = (env->CP0_XContext & ((~0ULL) << (env->SEGBITS - 7))) |
249
((address & 0xC00000000000ULL) >> (55 - env->SEGBITS)) |
250
((address & ((1ULL << env->SEGBITS) - 1) & 0xFFFFFFFFFFFFE000ULL) >> 9);
252
env->exception_index = exception;
253
env->error_code = error_code;
256
#if !defined(CONFIG_USER_ONLY)
257
target_phys_addr_t cpu_get_phys_page_debug(CPUState *env, target_ulong addr)
259
target_phys_addr_t phys_addr;
262
if (get_physical_address(env, &phys_addr, &prot, addr, 0, ACCESS_INT) != 0)
268
int cpu_mips_handle_mmu_fault (CPUState *env, target_ulong address, int rw,
269
int mmu_idx, int is_softmmu)
271
#if !defined(CONFIG_USER_ONLY)
272
target_phys_addr_t physical;
279
log_cpu_state(env, 0);
281
qemu_log("%s pc " TARGET_FMT_lx " ad " TARGET_FMT_lx " rw %d mmu_idx %d smmu %d\n",
282
__func__, env->active_tc.PC, address, rw, mmu_idx, is_softmmu);
287
#if !defined(CONFIG_USER_ONLY)
288
/* XXX: put correct access by using cpu_restore_state()
290
access_type = ACCESS_INT;
291
ret = get_physical_address(env, &physical, &prot,
292
address, rw, access_type);
293
qemu_log("%s address=" TARGET_FMT_lx " ret %d physical " TARGET_FMT_plx " prot %d\n",
294
__func__, address, ret, physical, prot);
295
if (ret == TLBRET_MATCH) {
296
tlb_set_page(env, address & TARGET_PAGE_MASK,
297
physical & TARGET_PAGE_MASK, prot | PAGE_EXEC,
298
mmu_idx, TARGET_PAGE_SIZE);
303
raise_mmu_exception(env, address, rw, ret);
310
#if !defined(CONFIG_USER_ONLY)
311
target_phys_addr_t cpu_mips_translate_address(CPUState *env, target_ulong address, int rw)
313
target_phys_addr_t physical;
321
access_type = ACCESS_INT;
322
ret = get_physical_address(env, &physical, &prot,
323
address, rw, access_type);
324
if (ret != TLBRET_MATCH) {
325
raise_mmu_exception(env, address, rw, ret);
333
static const char * const excp_names[EXCP_LAST + 1] = {
334
[EXCP_RESET] = "reset",
335
[EXCP_SRESET] = "soft reset",
336
[EXCP_DSS] = "debug single step",
337
[EXCP_DINT] = "debug interrupt",
338
[EXCP_NMI] = "non-maskable interrupt",
339
[EXCP_MCHECK] = "machine check",
340
[EXCP_EXT_INTERRUPT] = "interrupt",
341
[EXCP_DFWATCH] = "deferred watchpoint",
342
[EXCP_DIB] = "debug instruction breakpoint",
343
[EXCP_IWATCH] = "instruction fetch watchpoint",
344
[EXCP_AdEL] = "address error load",
345
[EXCP_AdES] = "address error store",
346
[EXCP_TLBF] = "TLB refill",
347
[EXCP_IBE] = "instruction bus error",
348
[EXCP_DBp] = "debug breakpoint",
349
[EXCP_SYSCALL] = "syscall",
350
[EXCP_BREAK] = "break",
351
[EXCP_CpU] = "coprocessor unusable",
352
[EXCP_RI] = "reserved instruction",
353
[EXCP_OVERFLOW] = "arithmetic overflow",
354
[EXCP_TRAP] = "trap",
355
[EXCP_FPE] = "floating point",
356
[EXCP_DDBS] = "debug data break store",
357
[EXCP_DWATCH] = "data watchpoint",
358
[EXCP_LTLBL] = "TLB modify",
359
[EXCP_TLBL] = "TLB load",
360
[EXCP_TLBS] = "TLB store",
361
[EXCP_DBE] = "data bus error",
362
[EXCP_DDBL] = "debug data break load",
363
[EXCP_THREAD] = "thread",
364
[EXCP_MDMX] = "MDMX",
365
[EXCP_C2E] = "precise coprocessor 2",
366
[EXCP_CACHE] = "cache error",
369
#if !defined(CONFIG_USER_ONLY)
370
static target_ulong exception_resume_pc (CPUState *env)
373
target_ulong isa_mode;
375
isa_mode = !!(env->hflags & MIPS_HFLAG_M16);
376
bad_pc = env->active_tc.PC | isa_mode;
377
if (env->hflags & MIPS_HFLAG_BMASK) {
378
/* If the exception was raised from a delay slot, come back to
380
bad_pc -= (env->hflags & MIPS_HFLAG_B16 ? 2 : 4);
386
static void set_hflags_for_handler (CPUState *env)
388
/* Exception handlers are entered in 32-bit mode. */
389
env->hflags &= ~(MIPS_HFLAG_M16);
390
/* ...except that microMIPS lets you choose. */
391
if (env->insn_flags & ASE_MICROMIPS) {
392
env->hflags |= (!!(env->CP0_Config3
393
& (1 << CP0C3_ISA_ON_EXC))
394
<< MIPS_HFLAG_M16_SHIFT);
399
void do_interrupt (CPUState *env)
401
#if !defined(CONFIG_USER_ONLY)
406
if (qemu_log_enabled() && env->exception_index != EXCP_EXT_INTERRUPT) {
407
if (env->exception_index < 0 || env->exception_index > EXCP_LAST)
410
name = excp_names[env->exception_index];
412
qemu_log("%s enter: PC " TARGET_FMT_lx " EPC " TARGET_FMT_lx " %s exception\n",
413
__func__, env->active_tc.PC, env->CP0_EPC, name);
415
if (env->exception_index == EXCP_EXT_INTERRUPT &&
416
(env->hflags & MIPS_HFLAG_DM))
417
env->exception_index = EXCP_DINT;
419
switch (env->exception_index) {
421
env->CP0_Debug |= 1 << CP0DB_DSS;
422
/* Debug single step cannot be raised inside a delay slot and
423
resume will always occur on the next instruction
424
(but we assume the pc has always been updated during
425
code translation). */
426
env->CP0_DEPC = env->active_tc.PC | !!(env->hflags & MIPS_HFLAG_M16);
427
goto enter_debug_mode;
429
env->CP0_Debug |= 1 << CP0DB_DINT;
432
env->CP0_Debug |= 1 << CP0DB_DIB;
435
env->CP0_Debug |= 1 << CP0DB_DBp;
438
env->CP0_Debug |= 1 << CP0DB_DDBS;
441
env->CP0_Debug |= 1 << CP0DB_DDBL;
443
env->CP0_DEPC = exception_resume_pc(env);
444
env->hflags &= ~MIPS_HFLAG_BMASK;
446
env->hflags |= MIPS_HFLAG_DM | MIPS_HFLAG_64 | MIPS_HFLAG_CP0;
447
env->hflags &= ~(MIPS_HFLAG_KSU);
448
/* EJTAG probe trap enable is not implemented... */
449
if (!(env->CP0_Status & (1 << CP0St_EXL)))
450
env->CP0_Cause &= ~(1 << CP0Ca_BD);
451
env->active_tc.PC = (int32_t)0xBFC00480;
452
set_hflags_for_handler(env);
458
env->CP0_Status |= (1 << CP0St_SR);
459
memset(env->CP0_WatchLo, 0, sizeof(*env->CP0_WatchLo));
462
env->CP0_Status |= (1 << CP0St_NMI);
464
env->CP0_ErrorEPC = exception_resume_pc(env);
465
env->hflags &= ~MIPS_HFLAG_BMASK;
466
env->CP0_Status |= (1 << CP0St_ERL) | (1 << CP0St_BEV);
467
env->hflags |= MIPS_HFLAG_64 | MIPS_HFLAG_CP0;
468
env->hflags &= ~(MIPS_HFLAG_KSU);
469
if (!(env->CP0_Status & (1 << CP0St_EXL)))
470
env->CP0_Cause &= ~(1 << CP0Ca_BD);
471
env->active_tc.PC = (int32_t)0xBFC00000;
472
set_hflags_for_handler(env);
474
case EXCP_EXT_INTERRUPT:
476
if (env->CP0_Cause & (1 << CP0Ca_IV))
479
if (env->CP0_Config3 & ((1 << CP0C3_VInt) | (1 << CP0C3_VEIC))) {
480
/* Vectored Interrupts. */
481
unsigned int spacing;
483
unsigned int pending = (env->CP0_Cause & CP0Ca_IP_mask) >> 8;
485
/* Compute the Vector Spacing. */
486
spacing = (env->CP0_IntCtl >> CP0IntCtl_VS) & ((1 << 6) - 1);
489
if (env->CP0_Config3 & (1 << CP0C3_VInt)) {
490
/* For VInt mode, the MIPS computes the vector internally. */
491
for (vector = 0; vector < 8; vector++) {
499
/* For VEIC mode, the external interrupt controller feeds the
500
vector throught the CP0Cause IP lines. */
503
offset = 0x200 + vector * spacing;
511
if (env->error_code == 1 && !(env->CP0_Status & (1 << CP0St_EXL))) {
512
#if defined(TARGET_MIPS64)
513
int R = env->CP0_BadVAddr >> 62;
514
int UX = (env->CP0_Status & (1 << CP0St_UX)) != 0;
515
int SX = (env->CP0_Status & (1 << CP0St_SX)) != 0;
516
int KX = (env->CP0_Status & (1 << CP0St_KX)) != 0;
518
if (((R == 0 && UX) || (R == 1 && SX) || (R == 3 && KX)) &&
519
(!(env->insn_flags & (INSN_LOONGSON2E | INSN_LOONGSON2F))))
528
if (env->error_code == 1 && !(env->CP0_Status & (1 << CP0St_EXL))) {
529
#if defined(TARGET_MIPS64)
530
int R = env->CP0_BadVAddr >> 62;
531
int UX = (env->CP0_Status & (1 << CP0St_UX)) != 0;
532
int SX = (env->CP0_Status & (1 << CP0St_SX)) != 0;
533
int KX = (env->CP0_Status & (1 << CP0St_KX)) != 0;
535
if (((R == 0 && UX) || (R == 1 && SX) || (R == 3 && KX)) &&
536
(!(env->insn_flags & (INSN_LOONGSON2E | INSN_LOONGSON2F))))
566
env->CP0_Cause = (env->CP0_Cause & ~(0x3 << CP0Ca_CE)) |
567
(env->error_code << CP0Ca_CE);
586
/* XXX: TODO: manage defered watch exceptions */
596
if (env->CP0_Status & (1 << CP0St_BEV)) {
602
if (!(env->CP0_Status & (1 << CP0St_EXL))) {
603
env->CP0_EPC = exception_resume_pc(env);
604
if (env->hflags & MIPS_HFLAG_BMASK) {
605
env->CP0_Cause |= (1 << CP0Ca_BD);
607
env->CP0_Cause &= ~(1 << CP0Ca_BD);
609
env->CP0_Status |= (1 << CP0St_EXL);
610
env->hflags |= MIPS_HFLAG_64 | MIPS_HFLAG_CP0;
611
env->hflags &= ~(MIPS_HFLAG_KSU);
613
env->hflags &= ~MIPS_HFLAG_BMASK;
614
if (env->CP0_Status & (1 << CP0St_BEV)) {
615
env->active_tc.PC = (int32_t)0xBFC00200;
617
env->active_tc.PC = (int32_t)(env->CP0_EBase & ~0x3ff);
619
env->active_tc.PC += offset;
620
set_hflags_for_handler(env);
621
env->CP0_Cause = (env->CP0_Cause & ~(0x1f << CP0Ca_EC)) | (cause << CP0Ca_EC);
624
qemu_log("Invalid MIPS exception %d. Exiting\n", env->exception_index);
625
printf("Invalid MIPS exception %d. Exiting\n", env->exception_index);
628
if (qemu_log_enabled() && env->exception_index != EXCP_EXT_INTERRUPT) {
629
qemu_log("%s: PC " TARGET_FMT_lx " EPC " TARGET_FMT_lx " cause %d\n"
630
" S %08x C %08x A " TARGET_FMT_lx " D " TARGET_FMT_lx "\n",
631
__func__, env->active_tc.PC, env->CP0_EPC, cause,
632
env->CP0_Status, env->CP0_Cause, env->CP0_BadVAddr,
636
env->exception_index = EXCP_NONE;
639
#if !defined(CONFIG_USER_ONLY)
640
void r4k_invalidate_tlb (CPUState *env, int idx, int use_extra)
645
uint8_t ASID = env->CP0_EntryHi & 0xFF;
648
tlb = &env->tlb->mmu.r4k.tlb[idx];
649
/* The qemu TLB is flushed when the ASID changes, so no need to
650
flush these entries again. */
651
if (tlb->G == 0 && tlb->ASID != ASID) {
655
if (use_extra && env->tlb->tlb_in_use < MIPS_TLB_MAX) {
656
/* For tlbwr, we can shadow the discarded entry into
657
a new (fake) TLB entry, as long as the guest can not
658
tell that it's there. */
659
env->tlb->mmu.r4k.tlb[env->tlb->tlb_in_use] = *tlb;
660
env->tlb->tlb_in_use++;
664
/* 1k pages are not supported. */
665
mask = tlb->PageMask | ~(TARGET_PAGE_MASK << 1);
667
addr = tlb->VPN & ~mask;
668
#if defined(TARGET_MIPS64)
669
if (addr >= (0xFFFFFFFF80000000ULL & env->SEGMask)) {
670
addr |= 0x3FFFFF0000000000ULL;
673
end = addr | (mask >> 1);
675
tlb_flush_page (env, addr);
676
addr += TARGET_PAGE_SIZE;
680
addr = (tlb->VPN & ~mask) | ((mask >> 1) + 1);
681
#if defined(TARGET_MIPS64)
682
if (addr >= (0xFFFFFFFF80000000ULL & env->SEGMask)) {
683
addr |= 0x3FFFFF0000000000ULL;
687
while (addr - 1 < end) {
688
tlb_flush_page (env, addr);
689
addr += TARGET_PAGE_SIZE;
added
removed
target-mips/helper.c
