2
* PowerPC emulation helpers for qemu.
4
* Copyright (c) 2003-2007 Jocelyn Mayer
6
* This library is free software; you can redistribute it and/or
7
* modify it under the terms of the GNU Lesser General Public
8
* License as published by the Free Software Foundation; either
9
* version 2 of the License, or (at your option) any later version.
11
* This library is distributed in the hope that it will be useful,
12
* but WITHOUT ANY WARRANTY; without even the implied warranty of
13
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14
* Lesser General Public License for more details.
16
* You should have received a copy of the GNU Lesser General Public
17
* License along with this library; if not, write to the Free Software
18
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
30
#include "helper_regs.h"
31
#include "qemu-common.h"
36
//#define DEBUG_SOFTWARE_TLB
37
//#define DUMP_PAGE_TABLES
38
//#define DEBUG_EXCEPTIONS
39
//#define FLUSH_ALL_TLBS
41
/*****************************************************************************/
42
/* PowerPC MMU emulation */
44
#if defined(CONFIG_USER_ONLY)
45
int cpu_ppc_handle_mmu_fault (CPUState *env, target_ulong address, int rw,
46
int mmu_idx, int is_softmmu)
48
int exception, error_code;
51
exception = POWERPC_EXCP_ISI;
52
error_code = 0x40000000;
54
exception = POWERPC_EXCP_DSI;
55
error_code = 0x40000000;
57
error_code |= 0x02000000;
58
env->spr[SPR_DAR] = address;
59
env->spr[SPR_DSISR] = error_code;
61
env->exception_index = exception;
62
env->error_code = error_code;
67
target_phys_addr_t cpu_get_phys_page_debug (CPUState *env, target_ulong addr)
73
/* Common routines used by software and hardware TLBs emulation */
74
static always_inline int pte_is_valid (target_ulong pte0)
76
return pte0 & 0x80000000 ? 1 : 0;
79
static always_inline void pte_invalidate (target_ulong *pte0)
84
#if defined(TARGET_PPC64)
85
static always_inline int pte64_is_valid (target_ulong pte0)
87
return pte0 & 0x0000000000000001ULL ? 1 : 0;
90
static always_inline void pte64_invalidate (target_ulong *pte0)
92
*pte0 &= ~0x0000000000000001ULL;
96
#define PTE_PTEM_MASK 0x7FFFFFBF
97
#define PTE_CHECK_MASK (TARGET_PAGE_MASK | 0x7B)
98
#if defined(TARGET_PPC64)
99
#define PTE64_PTEM_MASK 0xFFFFFFFFFFFFFF80ULL
100
#define PTE64_CHECK_MASK (TARGET_PAGE_MASK | 0x7F)
103
static always_inline int pp_check (int key, int pp, int nx)
107
/* Compute access rights */
108
/* When pp is 3/7, the result is undefined. Set it to noaccess */
115
access |= PAGE_WRITE;
133
access = PAGE_READ | PAGE_WRITE;
143
static always_inline int check_prot (int prot, int rw, int access_type)
147
if (access_type == ACCESS_CODE) {
148
if (prot & PAGE_EXEC)
153
if (prot & PAGE_WRITE)
158
if (prot & PAGE_READ)
167
static always_inline int _pte_check (mmu_ctx_t *ctx, int is_64b,
168
target_ulong pte0, target_ulong pte1,
169
int h, int rw, int type)
171
target_ulong ptem, mmask;
172
int access, ret, pteh, ptev, pp;
176
/* Check validity and table match */
177
#if defined(TARGET_PPC64)
179
ptev = pte64_is_valid(pte0);
180
pteh = (pte0 >> 1) & 1;
184
ptev = pte_is_valid(pte0);
185
pteh = (pte0 >> 6) & 1;
187
if (ptev && h == pteh) {
188
/* Check vsid & api */
189
#if defined(TARGET_PPC64)
191
ptem = pte0 & PTE64_PTEM_MASK;
192
mmask = PTE64_CHECK_MASK;
193
pp = (pte1 & 0x00000003) | ((pte1 >> 61) & 0x00000004);
194
ctx->nx |= (pte1 >> 2) & 1; /* No execute bit */
195
ctx->nx |= (pte1 >> 3) & 1; /* Guarded bit */
199
ptem = pte0 & PTE_PTEM_MASK;
200
mmask = PTE_CHECK_MASK;
201
pp = pte1 & 0x00000003;
203
if (ptem == ctx->ptem) {
204
if (ctx->raddr != (target_phys_addr_t)-1ULL) {
205
/* all matches should have equal RPN, WIMG & PP */
206
if ((ctx->raddr & mmask) != (pte1 & mmask)) {
208
fprintf(logfile, "Bad RPN/WIMG/PP\n");
212
/* Compute access rights */
213
access = pp_check(ctx->key, pp, ctx->nx);
214
/* Keep the matching PTE informations */
217
ret = check_prot(ctx->prot, rw, type);
220
#if defined (DEBUG_MMU)
222
fprintf(logfile, "PTE access granted !\n");
225
/* Access right violation */
226
#if defined (DEBUG_MMU)
228
fprintf(logfile, "PTE access rejected\n");
237
static always_inline int pte32_check (mmu_ctx_t *ctx,
238
target_ulong pte0, target_ulong pte1,
239
int h, int rw, int type)
241
return _pte_check(ctx, 0, pte0, pte1, h, rw, type);
244
#if defined(TARGET_PPC64)
245
static always_inline int pte64_check (mmu_ctx_t *ctx,
246
target_ulong pte0, target_ulong pte1,
247
int h, int rw, int type)
249
return _pte_check(ctx, 1, pte0, pte1, h, rw, type);
253
static always_inline int pte_update_flags (mmu_ctx_t *ctx, target_ulong *pte1p,
258
/* Update page flags */
259
if (!(*pte1p & 0x00000100)) {
260
/* Update accessed flag */
261
*pte1p |= 0x00000100;
264
if (!(*pte1p & 0x00000080)) {
265
if (rw == 1 && ret == 0) {
266
/* Update changed flag */
267
*pte1p |= 0x00000080;
270
/* Force page fault for first write access */
271
ctx->prot &= ~PAGE_WRITE;
278
/* Software driven TLB helpers */
279
static always_inline int ppc6xx_tlb_getnum (CPUState *env, target_ulong eaddr,
280
int way, int is_code)
284
/* Select TLB num in a way from address */
285
nr = (eaddr >> TARGET_PAGE_BITS) & (env->tlb_per_way - 1);
287
nr += env->tlb_per_way * way;
288
/* 6xx have separate TLBs for instructions and data */
289
if (is_code && env->id_tlbs == 1)
295
static always_inline void ppc6xx_tlb_invalidate_all (CPUState *env)
300
#if defined (DEBUG_SOFTWARE_TLB) && 0
302
fprintf(logfile, "Invalidate all TLBs\n");
305
/* Invalidate all defined software TLB */
307
if (env->id_tlbs == 1)
309
for (nr = 0; nr < max; nr++) {
310
tlb = &env->tlb[nr].tlb6;
311
pte_invalidate(&tlb->pte0);
316
static always_inline void __ppc6xx_tlb_invalidate_virt (CPUState *env,
321
#if !defined(FLUSH_ALL_TLBS)
325
/* Invalidate ITLB + DTLB, all ways */
326
for (way = 0; way < env->nb_ways; way++) {
327
nr = ppc6xx_tlb_getnum(env, eaddr, way, is_code);
328
tlb = &env->tlb[nr].tlb6;
329
if (pte_is_valid(tlb->pte0) && (match_epn == 0 || eaddr == tlb->EPN)) {
330
#if defined (DEBUG_SOFTWARE_TLB)
332
fprintf(logfile, "TLB invalidate %d/%d " ADDRX "\n",
333
nr, env->nb_tlb, eaddr);
336
pte_invalidate(&tlb->pte0);
337
tlb_flush_page(env, tlb->EPN);
341
/* XXX: PowerPC specification say this is valid as well */
342
ppc6xx_tlb_invalidate_all(env);
346
static always_inline void ppc6xx_tlb_invalidate_virt (CPUState *env,
350
__ppc6xx_tlb_invalidate_virt(env, eaddr, is_code, 0);
353
void ppc6xx_tlb_store (CPUState *env, target_ulong EPN, int way, int is_code,
354
target_ulong pte0, target_ulong pte1)
359
nr = ppc6xx_tlb_getnum(env, EPN, way, is_code);
360
tlb = &env->tlb[nr].tlb6;
361
#if defined (DEBUG_SOFTWARE_TLB)
363
fprintf(logfile, "Set TLB %d/%d EPN " ADDRX " PTE0 " ADDRX
364
" PTE1 " ADDRX "\n", nr, env->nb_tlb, EPN, pte0, pte1);
367
/* Invalidate any pending reference in Qemu for this virtual address */
368
__ppc6xx_tlb_invalidate_virt(env, EPN, is_code, 1);
372
/* Store last way for LRU mechanism */
376
static always_inline int ppc6xx_tlb_check (CPUState *env, mmu_ctx_t *ctx,
377
target_ulong eaddr, int rw,
385
ret = -1; /* No TLB found */
386
for (way = 0; way < env->nb_ways; way++) {
387
nr = ppc6xx_tlb_getnum(env, eaddr, way,
388
access_type == ACCESS_CODE ? 1 : 0);
389
tlb = &env->tlb[nr].tlb6;
390
/* This test "emulates" the PTE index match for hardware TLBs */
391
if ((eaddr & TARGET_PAGE_MASK) != tlb->EPN) {
392
#if defined (DEBUG_SOFTWARE_TLB)
394
fprintf(logfile, "TLB %d/%d %s [" ADDRX " " ADDRX
397
pte_is_valid(tlb->pte0) ? "valid" : "inval",
398
tlb->EPN, tlb->EPN + TARGET_PAGE_SIZE, eaddr);
403
#if defined (DEBUG_SOFTWARE_TLB)
405
fprintf(logfile, "TLB %d/%d %s " ADDRX " <> " ADDRX " " ADDRX
408
pte_is_valid(tlb->pte0) ? "valid" : "inval",
409
tlb->EPN, eaddr, tlb->pte1,
410
rw ? 'S' : 'L', access_type == ACCESS_CODE ? 'I' : 'D');
413
switch (pte32_check(ctx, tlb->pte0, tlb->pte1, 0, rw, access_type)) {
415
/* TLB inconsistency */
418
/* Access violation */
428
/* XXX: we should go on looping to check all TLBs consistency
429
* but we can speed-up the whole thing as the
430
* result would be undefined if TLBs are not consistent.
439
#if defined (DEBUG_SOFTWARE_TLB)
441
fprintf(logfile, "found TLB at addr " PADDRX " prot=%01x ret=%d\n",
442
ctx->raddr & TARGET_PAGE_MASK, ctx->prot, ret);
445
/* Update page flags */
446
pte_update_flags(ctx, &env->tlb[best].tlb6.pte1, ret, rw);
452
/* Perform BAT hit & translation */
453
static always_inline void bat_size_prot (CPUState *env, target_ulong *blp,
454
int *validp, int *protp,
455
target_ulong *BATu, target_ulong *BATl)
460
bl = (*BATu & 0x00001FFC) << 15;
463
if (((msr_pr == 0) && (*BATu & 0x00000002)) ||
464
((msr_pr != 0) && (*BATu & 0x00000001))) {
466
pp = *BATl & 0x00000003;
468
prot = PAGE_READ | PAGE_EXEC;
478
static always_inline void bat_601_size_prot (CPUState *env,target_ulong *blp,
479
int *validp, int *protp,
484
int key, pp, valid, prot;
486
bl = (*BATl & 0x0000003F) << 17;
487
#if defined (DEBUG_BATS)
489
fprintf(logfile, "b %02x ==> bl " ADDRX " msk " ADDRX "\n",
490
(uint8_t)(*BATl & 0x0000003F), bl, ~bl);
494
valid = (*BATl >> 6) & 1;
496
pp = *BATu & 0x00000003;
498
key = (*BATu >> 3) & 1;
500
key = (*BATu >> 2) & 1;
501
prot = pp_check(key, pp, 0);
508
static always_inline int get_bat (CPUState *env, mmu_ctx_t *ctx,
509
target_ulong virtual, int rw, int type)
511
target_ulong *BATlt, *BATut, *BATu, *BATl;
512
target_ulong base, BEPIl, BEPIu, bl;
516
#if defined (DEBUG_BATS)
518
fprintf(logfile, "%s: %cBAT v " ADDRX "\n", __func__,
519
type == ACCESS_CODE ? 'I' : 'D', virtual);
524
BATlt = env->IBAT[1];
525
BATut = env->IBAT[0];
528
BATlt = env->DBAT[1];
529
BATut = env->DBAT[0];
532
base = virtual & 0xFFFC0000;
533
for (i = 0; i < env->nb_BATs; i++) {
536
BEPIu = *BATu & 0xF0000000;
537
BEPIl = *BATu & 0x0FFE0000;
538
if (unlikely(env->mmu_model == POWERPC_MMU_601)) {
539
bat_601_size_prot(env, &bl, &valid, &prot, BATu, BATl);
541
bat_size_prot(env, &bl, &valid, &prot, BATu, BATl);
543
#if defined (DEBUG_BATS)
545
fprintf(logfile, "%s: %cBAT%d v " ADDRX " BATu " ADDRX
546
" BATl " ADDRX "\n", __func__,
547
type == ACCESS_CODE ? 'I' : 'D', i, virtual, *BATu, *BATl);
550
if ((virtual & 0xF0000000) == BEPIu &&
551
((virtual & 0x0FFE0000) & ~bl) == BEPIl) {
554
/* Get physical address */
555
ctx->raddr = (*BATl & 0xF0000000) |
556
((virtual & 0x0FFE0000 & bl) | (*BATl & 0x0FFE0000)) |
557
(virtual & 0x0001F000);
558
/* Compute access rights */
560
ret = check_prot(ctx->prot, rw, type);
561
#if defined (DEBUG_BATS)
562
if (ret == 0 && loglevel != 0) {
563
fprintf(logfile, "BAT %d match: r " PADDRX " prot=%c%c\n",
564
i, ctx->raddr, ctx->prot & PAGE_READ ? 'R' : '-',
565
ctx->prot & PAGE_WRITE ? 'W' : '-');
573
#if defined (DEBUG_BATS)
575
fprintf(logfile, "no BAT match for " ADDRX ":\n", virtual);
576
for (i = 0; i < 4; i++) {
579
BEPIu = *BATu & 0xF0000000;
580
BEPIl = *BATu & 0x0FFE0000;
581
bl = (*BATu & 0x00001FFC) << 15;
582
fprintf(logfile, "%s: %cBAT%d v " ADDRX " BATu " ADDRX
583
" BATl " ADDRX " \n\t" ADDRX " " ADDRX " " ADDRX "\n",
584
__func__, type == ACCESS_CODE ? 'I' : 'D', i, virtual,
585
*BATu, *BATl, BEPIu, BEPIl, bl);
595
/* PTE table lookup */
596
static always_inline int _find_pte (mmu_ctx_t *ctx, int is_64b, int h,
599
target_ulong base, pte0, pte1;
603
ret = -1; /* No entry found */
604
base = ctx->pg_addr[h];
605
for (i = 0; i < 8; i++) {
606
#if defined(TARGET_PPC64)
608
pte0 = ldq_phys(base + (i * 16));
609
pte1 = ldq_phys(base + (i * 16) + 8);
610
r = pte64_check(ctx, pte0, pte1, h, rw, type);
611
#if defined (DEBUG_MMU)
613
fprintf(logfile, "Load pte from " ADDRX " => " ADDRX " " ADDRX
614
" %d %d %d " ADDRX "\n",
615
base + (i * 16), pte0, pte1,
616
(int)(pte0 & 1), h, (int)((pte0 >> 1) & 1),
623
pte0 = ldl_phys(base + (i * 8));
624
pte1 = ldl_phys(base + (i * 8) + 4);
625
r = pte32_check(ctx, pte0, pte1, h, rw, type);
626
#if defined (DEBUG_MMU)
628
fprintf(logfile, "Load pte from " ADDRX " => " ADDRX " " ADDRX
629
" %d %d %d " ADDRX "\n",
630
base + (i * 8), pte0, pte1,
631
(int)(pte0 >> 31), h, (int)((pte0 >> 6) & 1),
638
/* PTE inconsistency */
641
/* Access violation */
651
/* XXX: we should go on looping to check all PTEs consistency
652
* but if we can speed-up the whole thing as the
653
* result would be undefined if PTEs are not consistent.
662
#if defined (DEBUG_MMU)
664
fprintf(logfile, "found PTE at addr " PADDRX " prot=%01x ret=%d\n",
665
ctx->raddr, ctx->prot, ret);
668
/* Update page flags */
670
if (pte_update_flags(ctx, &pte1, ret, rw) == 1) {
671
#if defined(TARGET_PPC64)
673
stq_phys_notdirty(base + (good * 16) + 8, pte1);
677
stl_phys_notdirty(base + (good * 8) + 4, pte1);
685
static always_inline int find_pte32 (mmu_ctx_t *ctx, int h, int rw, int type)
687
return _find_pte(ctx, 0, h, rw, type);
690
#if defined(TARGET_PPC64)
691
static always_inline int find_pte64 (mmu_ctx_t *ctx, int h, int rw, int type)
693
return _find_pte(ctx, 1, h, rw, type);
697
static always_inline int find_pte (CPUState *env, mmu_ctx_t *ctx,
698
int h, int rw, int type)
700
#if defined(TARGET_PPC64)
701
if (env->mmu_model & POWERPC_MMU_64)
702
return find_pte64(ctx, h, rw, type);
705
return find_pte32(ctx, h, rw, type);
708
#if defined(TARGET_PPC64)
709
static always_inline int slb_is_valid (uint64_t slb64)
711
return slb64 & 0x0000000008000000ULL ? 1 : 0;
714
static always_inline void slb_invalidate (uint64_t *slb64)
716
*slb64 &= ~0x0000000008000000ULL;
719
static always_inline int slb_lookup (CPUPPCState *env, target_ulong eaddr,
721
target_ulong *page_mask, int *attr)
723
target_phys_addr_t sr_base;
730
sr_base = env->spr[SPR_ASR];
731
#if defined(DEBUG_SLB)
733
fprintf(logfile, "%s: eaddr " ADDRX " base " PADDRX "\n",
734
__func__, eaddr, sr_base);
737
mask = 0x0000000000000000ULL; /* Avoid gcc warning */
738
for (n = 0; n < env->slb_nr; n++) {
739
tmp64 = ldq_phys(sr_base);
740
tmp = ldl_phys(sr_base + 8);
741
#if defined(DEBUG_SLB)
743
fprintf(logfile, "%s: seg %d " PADDRX " %016" PRIx64 " %08"
744
PRIx32 "\n", __func__, n, sr_base, tmp64, tmp);
747
if (slb_is_valid(tmp64)) {
748
/* SLB entry is valid */
749
switch (tmp64 & 0x0000000006000000ULL) {
750
case 0x0000000000000000ULL:
752
mask = 0xFFFFFFFFF0000000ULL;
754
case 0x0000000002000000ULL:
756
mask = 0xFFFF000000000000ULL;
758
case 0x0000000004000000ULL:
759
case 0x0000000006000000ULL:
760
/* Reserved => segment is invalid */
763
if ((eaddr & mask) == (tmp64 & mask)) {
765
*vsid = ((tmp64 << 24) | (tmp >> 8)) & 0x0003FFFFFFFFFFFFULL;
778
void ppc_slb_invalidate_all (CPUPPCState *env)
780
target_phys_addr_t sr_base;
782
int n, do_invalidate;
785
sr_base = env->spr[SPR_ASR];
786
/* XXX: Warning: slbia never invalidates the first segment */
787
for (n = 1; n < env->slb_nr; n++) {
788
tmp64 = ldq_phys(sr_base);
789
if (slb_is_valid(tmp64)) {
790
slb_invalidate(&tmp64);
791
stq_phys(sr_base, tmp64);
792
/* XXX: given the fact that segment size is 256 MB or 1TB,
793
* and we still don't have a tlb_flush_mask(env, n, mask)
794
* in Qemu, we just invalidate all TLBs
804
void ppc_slb_invalidate_one (CPUPPCState *env, uint64_t T0)
806
target_phys_addr_t sr_base;
807
target_ulong vsid, page_mask;
812
n = slb_lookup(env, T0, &vsid, &page_mask, &attr);
814
sr_base = env->spr[SPR_ASR];
816
tmp64 = ldq_phys(sr_base);
817
if (slb_is_valid(tmp64)) {
818
slb_invalidate(&tmp64);
819
stq_phys(sr_base, tmp64);
820
/* XXX: given the fact that segment size is 256 MB or 1TB,
821
* and we still don't have a tlb_flush_mask(env, n, mask)
822
* in Qemu, we just invalidate all TLBs
829
target_ulong ppc_load_slb (CPUPPCState *env, int slb_nr)
831
target_phys_addr_t sr_base;
836
sr_base = env->spr[SPR_ASR];
837
sr_base += 12 * slb_nr;
838
tmp64 = ldq_phys(sr_base);
839
tmp = ldl_phys(sr_base + 8);
840
if (tmp64 & 0x0000000008000000ULL) {
841
/* SLB entry is valid */
842
/* Copy SLB bits 62:88 to Rt 37:63 (VSID 23:49) */
843
rt = tmp >> 8; /* 65:88 => 40:63 */
844
rt |= (tmp64 & 0x7) << 24; /* 62:64 => 37:39 */
845
/* Copy SLB bits 89:92 to Rt 33:36 (KsKpNL) */
846
rt |= ((tmp >> 4) & 0xF) << 27;
850
#if defined(DEBUG_SLB)
852
fprintf(logfile, "%s: " PADDRX " %016" PRIx64 " %08" PRIx32 " => %d "
853
ADDRX "\n", __func__, sr_base, tmp64, tmp, slb_nr, rt);
860
void ppc_store_slb (CPUPPCState *env, int slb_nr, target_ulong rs)
862
target_phys_addr_t sr_base;
866
sr_base = env->spr[SPR_ASR];
867
sr_base += 12 * slb_nr;
868
/* Copy Rs bits 37:63 to SLB 62:88 */
870
tmp64 = (rs >> 24) & 0x7;
871
/* Copy Rs bits 33:36 to SLB 89:92 */
872
tmp |= ((rs >> 27) & 0xF) << 4;
873
/* Set the valid bit */
876
tmp64 |= (uint32_t)slb_nr << 28;
877
#if defined(DEBUG_SLB)
879
fprintf(logfile, "%s: %d " ADDRX " => " PADDRX " %016" PRIx64
880
" %08" PRIx32 "\n", __func__,
881
slb_nr, rs, sr_base, tmp64, tmp);
884
/* Write SLB entry to memory */
885
stq_phys(sr_base, tmp64);
886
stl_phys(sr_base + 8, tmp);
888
#endif /* defined(TARGET_PPC64) */
890
/* Perform segment based translation */
891
static always_inline target_phys_addr_t get_pgaddr (target_phys_addr_t sdr1,
893
target_phys_addr_t hash,
894
target_phys_addr_t mask)
896
return (sdr1 & ((target_phys_addr_t)(-1ULL) << sdr_sh)) | (hash & mask);
899
static always_inline int get_segment (CPUState *env, mmu_ctx_t *ctx,
900
target_ulong eaddr, int rw, int type)
902
target_phys_addr_t sdr, hash, mask, sdr_mask, htab_mask;
903
target_ulong sr, vsid, vsid_mask, pgidx, page_mask;
904
#if defined(TARGET_PPC64)
907
int ds, vsid_sh, sdr_sh, pr;
911
#if defined(TARGET_PPC64)
912
if (env->mmu_model & POWERPC_MMU_64) {
913
#if defined (DEBUG_MMU)
915
fprintf(logfile, "Check SLBs\n");
918
ret = slb_lookup(env, eaddr, &vsid, &page_mask, &attr);
921
ctx->key = ((attr & 0x40) && (pr != 0)) ||
922
((attr & 0x80) && (pr == 0)) ? 1 : 0;
924
ctx->nx = attr & 0x20 ? 1 : 0;
925
vsid_mask = 0x00003FFFFFFFFF80ULL;
930
#endif /* defined(TARGET_PPC64) */
932
sr = env->sr[eaddr >> 28];
933
page_mask = 0x0FFFFFFF;
934
ctx->key = (((sr & 0x20000000) && (pr != 0)) ||
935
((sr & 0x40000000) && (pr == 0))) ? 1 : 0;
936
ds = sr & 0x80000000 ? 1 : 0;
937
ctx->nx = sr & 0x10000000 ? 1 : 0;
938
vsid = sr & 0x00FFFFFF;
939
vsid_mask = 0x01FFFFC0;
943
#if defined (DEBUG_MMU)
945
fprintf(logfile, "Check segment v=" ADDRX " %d " ADDRX
946
" nip=" ADDRX " lr=" ADDRX " ir=%d dr=%d pr=%d %d t=%d\n",
947
eaddr, (int)(eaddr >> 28), sr, env->nip,
948
env->lr, (int)msr_ir, (int)msr_dr, pr != 0 ? 1 : 0,
953
#if defined (DEBUG_MMU)
955
fprintf(logfile, "pte segment: key=%d ds %d nx %d vsid " ADDRX "\n",
956
ctx->key, ds, ctx->nx, vsid);
961
/* Check if instruction fetch is allowed, if needed */
962
if (type != ACCESS_CODE || ctx->nx == 0) {
963
/* Page address translation */
964
/* Primary table address */
966
pgidx = (eaddr & page_mask) >> TARGET_PAGE_BITS;
967
#if defined(TARGET_PPC64)
968
if (env->mmu_model & POWERPC_MMU_64) {
969
htab_mask = 0x0FFFFFFF >> (28 - (sdr & 0x1F));
970
/* XXX: this is false for 1 TB segments */
971
hash = ((vsid ^ pgidx) << vsid_sh) & vsid_mask;
975
htab_mask = sdr & 0x000001FF;
976
hash = ((vsid ^ pgidx) << vsid_sh) & vsid_mask;
978
mask = (htab_mask << sdr_sh) | sdr_mask;
979
#if defined (DEBUG_MMU)
981
fprintf(logfile, "sdr " PADDRX " sh %d hash " PADDRX
982
" mask " PADDRX " " ADDRX "\n",
983
sdr, sdr_sh, hash, mask, page_mask);
986
ctx->pg_addr[0] = get_pgaddr(sdr, sdr_sh, hash, mask);
987
/* Secondary table address */
988
hash = (~hash) & vsid_mask;
989
#if defined (DEBUG_MMU)
991
fprintf(logfile, "sdr " PADDRX " sh %d hash " PADDRX
992
" mask " PADDRX "\n",
993
sdr, sdr_sh, hash, mask);
996
ctx->pg_addr[1] = get_pgaddr(sdr, sdr_sh, hash, mask);
997
#if defined(TARGET_PPC64)
998
if (env->mmu_model & POWERPC_MMU_64) {
999
/* Only 5 bits of the page index are used in the AVPN */
1000
ctx->ptem = (vsid << 12) | ((pgidx >> 4) & 0x0F80);
1004
ctx->ptem = (vsid << 7) | (pgidx >> 10);
1006
/* Initialize real address with an invalid value */
1007
ctx->raddr = (target_phys_addr_t)-1ULL;
1008
if (unlikely(env->mmu_model == POWERPC_MMU_SOFT_6xx ||
1009
env->mmu_model == POWERPC_MMU_SOFT_74xx)) {
1010
/* Software TLB search */
1011
ret = ppc6xx_tlb_check(env, ctx, eaddr, rw, type);
1013
#if defined (DEBUG_MMU)
1014
if (loglevel != 0) {
1015
fprintf(logfile, "0 sdr1=" PADDRX " vsid=" ADDRX " "
1016
"api=" ADDRX " hash=" PADDRX
1017
" pg_addr=" PADDRX "\n",
1018
sdr, vsid, pgidx, hash, ctx->pg_addr[0]);
1021
/* Primary table lookup */
1022
ret = find_pte(env, ctx, 0, rw, type);
1024
/* Secondary table lookup */
1025
#if defined (DEBUG_MMU)
1026
if (eaddr != 0xEFFFFFFF && loglevel != 0) {
1027
fprintf(logfile, "1 sdr1=" PADDRX " vsid=" ADDRX " "
1028
"api=" ADDRX " hash=" PADDRX
1029
" pg_addr=" PADDRX "\n",
1030
sdr, vsid, pgidx, hash, ctx->pg_addr[1]);
1033
ret2 = find_pte(env, ctx, 1, rw, type);
1038
#if defined (DUMP_PAGE_TABLES)
1039
if (loglevel != 0) {
1040
target_phys_addr_t curaddr;
1041
uint32_t a0, a1, a2, a3;
1042
fprintf(logfile, "Page table: " PADDRX " len " PADDRX "\n",
1044
for (curaddr = sdr; curaddr < (sdr + mask + 0x80);
1046
a0 = ldl_phys(curaddr);
1047
a1 = ldl_phys(curaddr + 4);
1048
a2 = ldl_phys(curaddr + 8);
1049
a3 = ldl_phys(curaddr + 12);
1050
if (a0 != 0 || a1 != 0 || a2 != 0 || a3 != 0) {
1051
fprintf(logfile, PADDRX ": %08x %08x %08x %08x\n",
1052
curaddr, a0, a1, a2, a3);
1058
#if defined (DEBUG_MMU)
1060
fprintf(logfile, "No access allowed\n");
1065
#if defined (DEBUG_MMU)
1067
fprintf(logfile, "direct store...\n");
1069
/* Direct-store segment : absolutely *BUGGY* for now */
1072
/* Integer load/store : only access allowed */
1075
/* No code fetch is allowed in direct-store areas */
1078
/* Floating point load/store */
1081
/* lwarx, ldarx or srwcx. */
1084
/* dcba, dcbt, dcbtst, dcbf, dcbi, dcbst, dcbz, or icbi */
1085
/* Should make the instruction do no-op.
1086
* As it already do no-op, it's quite easy :-)
1091
/* eciwx or ecowx */
1095
fprintf(logfile, "ERROR: instruction should not need "
1096
"address translation\n");
1100
if ((rw == 1 || ctx->key != 1) && (rw == 0 || ctx->key != 0)) {
1111
/* Generic TLB check function for embedded PowerPC implementations */
1112
static always_inline int ppcemb_tlb_check (CPUState *env, ppcemb_tlb_t *tlb,
1113
target_phys_addr_t *raddrp,
1114
target_ulong address,
1115
uint32_t pid, int ext, int i)
1119
/* Check valid flag */
1120
if (!(tlb->prot & PAGE_VALID)) {
1122
fprintf(logfile, "%s: TLB %d not valid\n", __func__, i);
1125
mask = ~(tlb->size - 1);
1126
#if defined (DEBUG_SOFTWARE_TLB)
1127
if (loglevel != 0) {
1128
fprintf(logfile, "%s: TLB %d address " ADDRX " PID %u <=> " ADDRX
1130
__func__, i, address, pid, tlb->EPN, mask, (uint32_t)tlb->PID);
1134
if (tlb->PID != 0 && tlb->PID != pid)
1136
/* Check effective address */
1137
if ((address & mask) != tlb->EPN)
1139
*raddrp = (tlb->RPN & mask) | (address & ~mask);
1140
#if (TARGET_PHYS_ADDR_BITS >= 36)
1142
/* Extend the physical address to 36 bits */
1143
*raddrp |= (target_phys_addr_t)(tlb->RPN & 0xF) << 32;
1150
/* Generic TLB search function for PowerPC embedded implementations */
1151
int ppcemb_tlb_search (CPUPPCState *env, target_ulong address, uint32_t pid)
1154
target_phys_addr_t raddr;
1157
/* Default return value is no match */
1159
for (i = 0; i < env->nb_tlb; i++) {
1160
tlb = &env->tlb[i].tlbe;
1161
if (ppcemb_tlb_check(env, tlb, &raddr, address, pid, 0, i) == 0) {
1170
/* Helpers specific to PowerPC 40x implementations */
1171
static always_inline void ppc4xx_tlb_invalidate_all (CPUState *env)
1176
for (i = 0; i < env->nb_tlb; i++) {
1177
tlb = &env->tlb[i].tlbe;
1178
tlb->prot &= ~PAGE_VALID;
1183
static always_inline void ppc4xx_tlb_invalidate_virt (CPUState *env,
1187
#if !defined(FLUSH_ALL_TLBS)
1189
target_phys_addr_t raddr;
1190
target_ulong page, end;
1193
for (i = 0; i < env->nb_tlb; i++) {
1194
tlb = &env->tlb[i].tlbe;
1195
if (ppcemb_tlb_check(env, tlb, &raddr, eaddr, pid, 0, i) == 0) {
1196
end = tlb->EPN + tlb->size;
1197
for (page = tlb->EPN; page < end; page += TARGET_PAGE_SIZE)
1198
tlb_flush_page(env, page);
1199
tlb->prot &= ~PAGE_VALID;
1204
ppc4xx_tlb_invalidate_all(env);
1208
int mmu40x_get_physical_address (CPUState *env, mmu_ctx_t *ctx,
1209
target_ulong address, int rw, int access_type)
1212
target_phys_addr_t raddr;
1213
int i, ret, zsel, zpr, pr;
1216
raddr = (target_phys_addr_t)-1ULL;
1218
for (i = 0; i < env->nb_tlb; i++) {
1219
tlb = &env->tlb[i].tlbe;
1220
if (ppcemb_tlb_check(env, tlb, &raddr, address,
1221
env->spr[SPR_40x_PID], 0, i) < 0)
1223
zsel = (tlb->attr >> 4) & 0xF;
1224
zpr = (env->spr[SPR_40x_ZPR] >> (28 - (2 * zsel))) & 0x3;
1225
#if defined (DEBUG_SOFTWARE_TLB)
1226
if (loglevel != 0) {
1227
fprintf(logfile, "%s: TLB %d zsel %d zpr %d rw %d attr %08x\n",
1228
__func__, i, zsel, zpr, rw, tlb->attr);
1231
/* Check execute enable bit */
1238
/* All accesses granted */
1239
ctx->prot = PAGE_READ | PAGE_WRITE | PAGE_EXEC;
1251
/* Check from TLB entry */
1252
/* XXX: there is a problem here or in the TLB fill code... */
1253
ctx->prot = tlb->prot;
1254
ctx->prot |= PAGE_EXEC;
1255
ret = check_prot(ctx->prot, rw, access_type);
1260
#if defined (DEBUG_SOFTWARE_TLB)
1261
if (loglevel != 0) {
1262
fprintf(logfile, "%s: access granted " ADDRX " => " PADDRX
1263
" %d %d\n", __func__, address, ctx->raddr, ctx->prot,
1270
#if defined (DEBUG_SOFTWARE_TLB)
1271
if (loglevel != 0) {
1272
fprintf(logfile, "%s: access refused " ADDRX " => " PADDRX
1273
" %d %d\n", __func__, address, raddr, ctx->prot,
1281
void store_40x_sler (CPUPPCState *env, uint32_t val)
1283
/* XXX: TO BE FIXED */
1284
if (val != 0x00000000) {
1285
cpu_abort(env, "Little-endian regions are not supported by now\n");
1287
env->spr[SPR_405_SLER] = val;
1290
int mmubooke_get_physical_address (CPUState *env, mmu_ctx_t *ctx,
1291
target_ulong address, int rw,
1295
target_phys_addr_t raddr;
1299
raddr = (target_phys_addr_t)-1ULL;
1300
for (i = 0; i < env->nb_tlb; i++) {
1301
tlb = &env->tlb[i].tlbe;
1302
if (ppcemb_tlb_check(env, tlb, &raddr, address,
1303
env->spr[SPR_BOOKE_PID], 1, i) < 0)
1306
prot = tlb->prot & 0xF;
1308
prot = (tlb->prot >> 4) & 0xF;
1309
/* Check the address space */
1310
if (access_type == ACCESS_CODE) {
1311
if (msr_ir != (tlb->attr & 1))
1314
if (prot & PAGE_EXEC) {
1320
if (msr_dr != (tlb->attr & 1))
1323
if ((!rw && prot & PAGE_READ) || (rw && (prot & PAGE_WRITE))) {
1336
static always_inline int check_physical (CPUState *env, mmu_ctx_t *ctx,
1337
target_ulong eaddr, int rw)
1342
ctx->prot = PAGE_READ | PAGE_EXEC;
1344
switch (env->mmu_model) {
1345
case POWERPC_MMU_32B:
1346
case POWERPC_MMU_601:
1347
case POWERPC_MMU_SOFT_6xx:
1348
case POWERPC_MMU_SOFT_74xx:
1349
case POWERPC_MMU_SOFT_4xx:
1350
case POWERPC_MMU_REAL:
1351
case POWERPC_MMU_BOOKE:
1352
ctx->prot |= PAGE_WRITE;
1354
#if defined(TARGET_PPC64)
1355
case POWERPC_MMU_620:
1356
case POWERPC_MMU_64B:
1357
/* Real address are 60 bits long */
1358
ctx->raddr &= 0x0FFFFFFFFFFFFFFFULL;
1359
ctx->prot |= PAGE_WRITE;
1362
case POWERPC_MMU_SOFT_4xx_Z:
1363
if (unlikely(msr_pe != 0)) {
1364
/* 403 family add some particular protections,
1365
* using PBL/PBU registers for accesses with no translation.
1368
/* Check PLB validity */
1369
(env->pb[0] < env->pb[1] &&
1370
/* and address in plb area */
1371
eaddr >= env->pb[0] && eaddr < env->pb[1]) ||
1372
(env->pb[2] < env->pb[3] &&
1373
eaddr >= env->pb[2] && eaddr < env->pb[3]) ? 1 : 0;
1374
if (in_plb ^ msr_px) {
1375
/* Access in protected area */
1377
/* Access is not allowed */
1381
/* Read-write access is allowed */
1382
ctx->prot |= PAGE_WRITE;
1386
case POWERPC_MMU_MPC8xx:
1388
cpu_abort(env, "MPC8xx MMU model is not implemented\n");
1390
case POWERPC_MMU_BOOKE_FSL:
1392
cpu_abort(env, "BookE FSL MMU model not implemented\n");
1395
cpu_abort(env, "Unknown or invalid MMU model\n");
1402
int get_physical_address (CPUState *env, mmu_ctx_t *ctx, target_ulong eaddr,
1403
int rw, int access_type)
1408
if (loglevel != 0) {
1409
fprintf(logfile, "%s\n", __func__);
1412
if ((access_type == ACCESS_CODE && msr_ir == 0) ||
1413
(access_type != ACCESS_CODE && msr_dr == 0)) {
1414
/* No address translation */
1415
ret = check_physical(env, ctx, eaddr, rw);
1418
switch (env->mmu_model) {
1419
case POWERPC_MMU_32B:
1420
case POWERPC_MMU_601:
1421
case POWERPC_MMU_SOFT_6xx:
1422
case POWERPC_MMU_SOFT_74xx:
1423
#if defined(TARGET_PPC64)
1424
case POWERPC_MMU_620:
1425
case POWERPC_MMU_64B:
1427
/* Try to find a BAT */
1428
if (env->nb_BATs != 0)
1429
ret = get_bat(env, ctx, eaddr, rw, access_type);
1431
/* We didn't match any BAT entry or don't have BATs */
1432
ret = get_segment(env, ctx, eaddr, rw, access_type);
1435
case POWERPC_MMU_SOFT_4xx:
1436
case POWERPC_MMU_SOFT_4xx_Z:
1437
ret = mmu40x_get_physical_address(env, ctx, eaddr,
1440
case POWERPC_MMU_BOOKE:
1441
ret = mmubooke_get_physical_address(env, ctx, eaddr,
1444
case POWERPC_MMU_MPC8xx:
1446
cpu_abort(env, "MPC8xx MMU model is not implemented\n");
1448
case POWERPC_MMU_BOOKE_FSL:
1450
cpu_abort(env, "BookE FSL MMU model not implemented\n");
1452
case POWERPC_MMU_REAL:
1453
cpu_abort(env, "PowerPC in real mode do not do any translation\n");
1456
cpu_abort(env, "Unknown or invalid MMU model\n");
1461
if (loglevel != 0) {
1462
fprintf(logfile, "%s address " ADDRX " => %d " PADDRX "\n",
1463
__func__, eaddr, ret, ctx->raddr);
1470
target_phys_addr_t cpu_get_phys_page_debug (CPUState *env, target_ulong addr)
1474
if (unlikely(get_physical_address(env, &ctx, addr, 0, ACCESS_INT) != 0))
1477
return ctx.raddr & TARGET_PAGE_MASK;
1480
/* Perform address translation */
1481
int cpu_ppc_handle_mmu_fault (CPUState *env, target_ulong address, int rw,
1482
int mmu_idx, int is_softmmu)
1491
access_type = ACCESS_CODE;
1494
/* XXX: put correct access by using cpu_restore_state()
1496
access_type = ACCESS_INT;
1497
// access_type = env->access_type;
1499
ret = get_physical_address(env, &ctx, address, rw, access_type);
1501
ret = tlb_set_page_exec(env, address & TARGET_PAGE_MASK,
1502
ctx.raddr & TARGET_PAGE_MASK, ctx.prot,
1503
mmu_idx, is_softmmu);
1504
} else if (ret < 0) {
1505
#if defined (DEBUG_MMU)
1507
cpu_dump_state(env, logfile, fprintf, 0);
1509
if (access_type == ACCESS_CODE) {
1512
/* No matches in page tables or TLB */
1513
switch (env->mmu_model) {
1514
case POWERPC_MMU_SOFT_6xx:
1515
env->exception_index = POWERPC_EXCP_IFTLB;
1516
env->error_code = 1 << 18;
1517
env->spr[SPR_IMISS] = address;
1518
env->spr[SPR_ICMP] = 0x80000000 | ctx.ptem;
1520
case POWERPC_MMU_SOFT_74xx:
1521
env->exception_index = POWERPC_EXCP_IFTLB;
1523
case POWERPC_MMU_SOFT_4xx:
1524
case POWERPC_MMU_SOFT_4xx_Z:
1525
env->exception_index = POWERPC_EXCP_ITLB;
1526
env->error_code = 0;
1527
env->spr[SPR_40x_DEAR] = address;
1528
env->spr[SPR_40x_ESR] = 0x00000000;
1530
case POWERPC_MMU_32B:
1531
case POWERPC_MMU_601:
1532
#if defined(TARGET_PPC64)
1533
case POWERPC_MMU_620:
1534
case POWERPC_MMU_64B:
1536
env->exception_index = POWERPC_EXCP_ISI;
1537
env->error_code = 0x40000000;
1539
case POWERPC_MMU_BOOKE:
1541
cpu_abort(env, "BookE MMU model is not implemented\n");
1543
case POWERPC_MMU_BOOKE_FSL:
1545
cpu_abort(env, "BookE FSL MMU model is not implemented\n");
1547
case POWERPC_MMU_MPC8xx:
1549
cpu_abort(env, "MPC8xx MMU model is not implemented\n");
1551
case POWERPC_MMU_REAL:
1552
cpu_abort(env, "PowerPC in real mode should never raise "
1553
"any MMU exceptions\n");
1556
cpu_abort(env, "Unknown or invalid MMU model\n");
1561
/* Access rights violation */
1562
env->exception_index = POWERPC_EXCP_ISI;
1563
env->error_code = 0x08000000;
1566
/* No execute protection violation */
1567
env->exception_index = POWERPC_EXCP_ISI;
1568
env->error_code = 0x10000000;
1571
/* Direct store exception */
1572
/* No code fetch is allowed in direct-store areas */
1573
env->exception_index = POWERPC_EXCP_ISI;
1574
env->error_code = 0x10000000;
1576
#if defined(TARGET_PPC64)
1578
/* No match in segment table */
1579
if (env->mmu_model == POWERPC_MMU_620) {
1580
env->exception_index = POWERPC_EXCP_ISI;
1581
/* XXX: this might be incorrect */
1582
env->error_code = 0x40000000;
1584
env->exception_index = POWERPC_EXCP_ISEG;
1585
env->error_code = 0;
1593
/* No matches in page tables or TLB */
1594
switch (env->mmu_model) {
1595
case POWERPC_MMU_SOFT_6xx:
1597
env->exception_index = POWERPC_EXCP_DSTLB;
1598
env->error_code = 1 << 16;
1600
env->exception_index = POWERPC_EXCP_DLTLB;
1601
env->error_code = 0;
1603
env->spr[SPR_DMISS] = address;
1604
env->spr[SPR_DCMP] = 0x80000000 | ctx.ptem;
1606
env->error_code |= ctx.key << 19;
1607
env->spr[SPR_HASH1] = ctx.pg_addr[0];
1608
env->spr[SPR_HASH2] = ctx.pg_addr[1];
1610
case POWERPC_MMU_SOFT_74xx:
1612
env->exception_index = POWERPC_EXCP_DSTLB;
1614
env->exception_index = POWERPC_EXCP_DLTLB;
1617
/* Implement LRU algorithm */
1618
env->error_code = ctx.key << 19;
1619
env->spr[SPR_TLBMISS] = (address & ~((target_ulong)0x3)) |
1620
((env->last_way + 1) & (env->nb_ways - 1));
1621
env->spr[SPR_PTEHI] = 0x80000000 | ctx.ptem;
1623
case POWERPC_MMU_SOFT_4xx:
1624
case POWERPC_MMU_SOFT_4xx_Z:
1625
env->exception_index = POWERPC_EXCP_DTLB;
1626
env->error_code = 0;
1627
env->spr[SPR_40x_DEAR] = address;
1629
env->spr[SPR_40x_ESR] = 0x00800000;
1631
env->spr[SPR_40x_ESR] = 0x00000000;
1633
case POWERPC_MMU_32B:
1634
case POWERPC_MMU_601:
1635
#if defined(TARGET_PPC64)
1636
case POWERPC_MMU_620:
1637
case POWERPC_MMU_64B:
1639
env->exception_index = POWERPC_EXCP_DSI;
1640
env->error_code = 0;
1641
env->spr[SPR_DAR] = address;
1643
env->spr[SPR_DSISR] = 0x42000000;
1645
env->spr[SPR_DSISR] = 0x40000000;
1647
case POWERPC_MMU_MPC8xx:
1649
cpu_abort(env, "MPC8xx MMU model is not implemented\n");
1651
case POWERPC_MMU_BOOKE:
1653
cpu_abort(env, "BookE MMU model is not implemented\n");
1655
case POWERPC_MMU_BOOKE_FSL:
1657
cpu_abort(env, "BookE FSL MMU model is not implemented\n");
1659
case POWERPC_MMU_REAL:
1660
cpu_abort(env, "PowerPC in real mode should never raise "
1661
"any MMU exceptions\n");
1664
cpu_abort(env, "Unknown or invalid MMU model\n");
1669
/* Access rights violation */
1670
env->exception_index = POWERPC_EXCP_DSI;
1671
env->error_code = 0;
1672
env->spr[SPR_DAR] = address;
1674
env->spr[SPR_DSISR] = 0x0A000000;
1676
env->spr[SPR_DSISR] = 0x08000000;
1679
/* Direct store exception */
1680
switch (access_type) {
1682
/* Floating point load/store */
1683
env->exception_index = POWERPC_EXCP_ALIGN;
1684
env->error_code = POWERPC_EXCP_ALIGN_FP;
1685
env->spr[SPR_DAR] = address;
1688
/* lwarx, ldarx or stwcx. */
1689
env->exception_index = POWERPC_EXCP_DSI;
1690
env->error_code = 0;
1691
env->spr[SPR_DAR] = address;
1693
env->spr[SPR_DSISR] = 0x06000000;
1695
env->spr[SPR_DSISR] = 0x04000000;
1698
/* eciwx or ecowx */
1699
env->exception_index = POWERPC_EXCP_DSI;
1700
env->error_code = 0;
1701
env->spr[SPR_DAR] = address;
1703
env->spr[SPR_DSISR] = 0x06100000;
1705
env->spr[SPR_DSISR] = 0x04100000;
1708
printf("DSI: invalid exception (%d)\n", ret);
1709
env->exception_index = POWERPC_EXCP_PROGRAM;
1711
POWERPC_EXCP_INVAL | POWERPC_EXCP_INVAL_INVAL;
1712
env->spr[SPR_DAR] = address;
1716
#if defined(TARGET_PPC64)
1718
/* No match in segment table */
1719
if (env->mmu_model == POWERPC_MMU_620) {
1720
env->exception_index = POWERPC_EXCP_DSI;
1721
env->error_code = 0;
1722
env->spr[SPR_DAR] = address;
1723
/* XXX: this might be incorrect */
1725
env->spr[SPR_DSISR] = 0x42000000;
1727
env->spr[SPR_DSISR] = 0x40000000;
1729
env->exception_index = POWERPC_EXCP_DSEG;
1730
env->error_code = 0;
1731
env->spr[SPR_DAR] = address;
1738
printf("%s: set exception to %d %02x\n", __func__,
1739
env->exception, env->error_code);
1747
/*****************************************************************************/
1748
/* BATs management */
1749
#if !defined(FLUSH_ALL_TLBS)
1750
static always_inline void do_invalidate_BAT (CPUPPCState *env,
1754
target_ulong base, end, page;
1756
base = BATu & ~0x0001FFFF;
1757
end = base + mask + 0x00020000;
1758
#if defined (DEBUG_BATS)
1759
if (loglevel != 0) {
1760
fprintf(logfile, "Flush BAT from " ADDRX " to " ADDRX " (" ADDRX ")\n",
1764
for (page = base; page != end; page += TARGET_PAGE_SIZE)
1765
tlb_flush_page(env, page);
1766
#if defined (DEBUG_BATS)
1768
fprintf(logfile, "Flush done\n");
1773
static always_inline void dump_store_bat (CPUPPCState *env, char ID,
1774
int ul, int nr, target_ulong value)
1776
#if defined (DEBUG_BATS)
1777
if (loglevel != 0) {
1778
fprintf(logfile, "Set %cBAT%d%c to " ADDRX " (" ADDRX ")\n",
1779
ID, nr, ul == 0 ? 'u' : 'l', value, env->nip);
1784
target_ulong do_load_ibatu (CPUPPCState *env, int nr)
1786
return env->IBAT[0][nr];
1789
target_ulong do_load_ibatl (CPUPPCState *env, int nr)
1791
return env->IBAT[1][nr];
1794
void do_store_ibatu (CPUPPCState *env, int nr, target_ulong value)
1798
dump_store_bat(env, 'I', 0, nr, value);
1799
if (env->IBAT[0][nr] != value) {
1800
mask = (value << 15) & 0x0FFE0000UL;
1801
#if !defined(FLUSH_ALL_TLBS)
1802
do_invalidate_BAT(env, env->IBAT[0][nr], mask);
1804
/* When storing valid upper BAT, mask BEPI and BRPN
1805
* and invalidate all TLBs covered by this BAT
1807
mask = (value << 15) & 0x0FFE0000UL;
1808
env->IBAT[0][nr] = (value & 0x00001FFFUL) |
1809
(value & ~0x0001FFFFUL & ~mask);
1810
env->IBAT[1][nr] = (env->IBAT[1][nr] & 0x0000007B) |
1811
(env->IBAT[1][nr] & ~0x0001FFFF & ~mask);
1812
#if !defined(FLUSH_ALL_TLBS)
1813
do_invalidate_BAT(env, env->IBAT[0][nr], mask);
1820
void do_store_ibatl (CPUPPCState *env, int nr, target_ulong value)
1822
dump_store_bat(env, 'I', 1, nr, value);
1823
env->IBAT[1][nr] = value;
1826
target_ulong do_load_dbatu (CPUPPCState *env, int nr)
1828
return env->DBAT[0][nr];
1831
target_ulong do_load_dbatl (CPUPPCState *env, int nr)
1833
return env->DBAT[1][nr];
1836
void do_store_dbatu (CPUPPCState *env, int nr, target_ulong value)
1840
dump_store_bat(env, 'D', 0, nr, value);
1841
if (env->DBAT[0][nr] != value) {
1842
/* When storing valid upper BAT, mask BEPI and BRPN
1843
* and invalidate all TLBs covered by this BAT
1845
mask = (value << 15) & 0x0FFE0000UL;
1846
#if !defined(FLUSH_ALL_TLBS)
1847
do_invalidate_BAT(env, env->DBAT[0][nr], mask);
1849
mask = (value << 15) & 0x0FFE0000UL;
1850
env->DBAT[0][nr] = (value & 0x00001FFFUL) |
1851
(value & ~0x0001FFFFUL & ~mask);
1852
env->DBAT[1][nr] = (env->DBAT[1][nr] & 0x0000007B) |
1853
(env->DBAT[1][nr] & ~0x0001FFFF & ~mask);
1854
#if !defined(FLUSH_ALL_TLBS)
1855
do_invalidate_BAT(env, env->DBAT[0][nr], mask);
1862
void do_store_dbatl (CPUPPCState *env, int nr, target_ulong value)
1864
dump_store_bat(env, 'D', 1, nr, value);
1865
env->DBAT[1][nr] = value;
1868
void do_store_ibatu_601 (CPUPPCState *env, int nr, target_ulong value)
1873
dump_store_bat(env, 'I', 0, nr, value);
1874
if (env->IBAT[0][nr] != value) {
1876
mask = (env->IBAT[1][nr] << 17) & 0x0FFE0000UL;
1877
if (env->IBAT[1][nr] & 0x40) {
1878
/* Invalidate BAT only if it is valid */
1879
#if !defined(FLUSH_ALL_TLBS)
1880
do_invalidate_BAT(env, env->IBAT[0][nr], mask);
1885
/* When storing valid upper BAT, mask BEPI and BRPN
1886
* and invalidate all TLBs covered by this BAT
1888
env->IBAT[0][nr] = (value & 0x00001FFFUL) |
1889
(value & ~0x0001FFFFUL & ~mask);
1890
env->DBAT[0][nr] = env->IBAT[0][nr];
1891
if (env->IBAT[1][nr] & 0x40) {
1892
#if !defined(FLUSH_ALL_TLBS)
1893
do_invalidate_BAT(env, env->IBAT[0][nr], mask);
1898
#if defined(FLUSH_ALL_TLBS)
1905
void do_store_ibatl_601 (CPUPPCState *env, int nr, target_ulong value)
1910
dump_store_bat(env, 'I', 1, nr, value);
1911
if (env->IBAT[1][nr] != value) {
1913
if (env->IBAT[1][nr] & 0x40) {
1914
#if !defined(FLUSH_ALL_TLBS)
1915
mask = (env->IBAT[1][nr] << 17) & 0x0FFE0000UL;
1916
do_invalidate_BAT(env, env->IBAT[0][nr], mask);
1922
#if !defined(FLUSH_ALL_TLBS)
1923
mask = (value << 17) & 0x0FFE0000UL;
1924
do_invalidate_BAT(env, env->IBAT[0][nr], mask);
1929
env->IBAT[1][nr] = value;
1930
env->DBAT[1][nr] = value;
1931
#if defined(FLUSH_ALL_TLBS)
1938
/*****************************************************************************/
1939
/* TLB management */
1940
void ppc_tlb_invalidate_all (CPUPPCState *env)
1942
switch (env->mmu_model) {
1943
case POWERPC_MMU_SOFT_6xx:
1944
case POWERPC_MMU_SOFT_74xx:
1945
ppc6xx_tlb_invalidate_all(env);
1947
case POWERPC_MMU_SOFT_4xx:
1948
case POWERPC_MMU_SOFT_4xx_Z:
1949
ppc4xx_tlb_invalidate_all(env);
1951
case POWERPC_MMU_REAL:
1952
cpu_abort(env, "No TLB for PowerPC 4xx in real mode\n");
1954
case POWERPC_MMU_MPC8xx:
1956
cpu_abort(env, "MPC8xx MMU model is not implemented\n");
1958
case POWERPC_MMU_BOOKE:
1960
cpu_abort(env, "BookE MMU model is not implemented\n");
1962
case POWERPC_MMU_BOOKE_FSL:
1964
cpu_abort(env, "BookE MMU model is not implemented\n");
1966
case POWERPC_MMU_32B:
1967
case POWERPC_MMU_601:
1968
#if defined(TARGET_PPC64)
1969
case POWERPC_MMU_620:
1970
case POWERPC_MMU_64B:
1971
#endif /* defined(TARGET_PPC64) */
1976
cpu_abort(env, "Unknown MMU model\n");
1981
void ppc_tlb_invalidate_one (CPUPPCState *env, target_ulong addr)
1983
#if !defined(FLUSH_ALL_TLBS)
1984
addr &= TARGET_PAGE_MASK;
1985
switch (env->mmu_model) {
1986
case POWERPC_MMU_SOFT_6xx:
1987
case POWERPC_MMU_SOFT_74xx:
1988
ppc6xx_tlb_invalidate_virt(env, addr, 0);
1989
if (env->id_tlbs == 1)
1990
ppc6xx_tlb_invalidate_virt(env, addr, 1);
1992
case POWERPC_MMU_SOFT_4xx:
1993
case POWERPC_MMU_SOFT_4xx_Z:
1994
ppc4xx_tlb_invalidate_virt(env, addr, env->spr[SPR_40x_PID]);
1996
case POWERPC_MMU_REAL:
1997
cpu_abort(env, "No TLB for PowerPC 4xx in real mode\n");
1999
case POWERPC_MMU_MPC8xx:
2001
cpu_abort(env, "MPC8xx MMU model is not implemented\n");
2003
case POWERPC_MMU_BOOKE:
2005
cpu_abort(env, "BookE MMU model is not implemented\n");
2007
case POWERPC_MMU_BOOKE_FSL:
2009
cpu_abort(env, "BookE FSL MMU model is not implemented\n");
2011
case POWERPC_MMU_32B:
2012
case POWERPC_MMU_601:
2013
/* tlbie invalidate TLBs for all segments */
2014
addr &= ~((target_ulong)-1ULL << 28);
2015
/* XXX: this case should be optimized,
2016
* giving a mask to tlb_flush_page
2018
tlb_flush_page(env, addr | (0x0 << 28));
2019
tlb_flush_page(env, addr | (0x1 << 28));
2020
tlb_flush_page(env, addr | (0x2 << 28));
2021
tlb_flush_page(env, addr | (0x3 << 28));
2022
tlb_flush_page(env, addr | (0x4 << 28));
2023
tlb_flush_page(env, addr | (0x5 << 28));
2024
tlb_flush_page(env, addr | (0x6 << 28));
2025
tlb_flush_page(env, addr | (0x7 << 28));
2026
tlb_flush_page(env, addr | (0x8 << 28));
2027
tlb_flush_page(env, addr | (0x9 << 28));
2028
tlb_flush_page(env, addr | (0xA << 28));
2029
tlb_flush_page(env, addr | (0xB << 28));
2030
tlb_flush_page(env, addr | (0xC << 28));
2031
tlb_flush_page(env, addr | (0xD << 28));
2032
tlb_flush_page(env, addr | (0xE << 28));
2033
tlb_flush_page(env, addr | (0xF << 28));
2035
#if defined(TARGET_PPC64)
2036
case POWERPC_MMU_620:
2037
case POWERPC_MMU_64B:
2038
/* tlbie invalidate TLBs for all segments */
2039
/* XXX: given the fact that there are too many segments to invalidate,
2040
* and we still don't have a tlb_flush_mask(env, n, mask) in Qemu,
2041
* we just invalidate all TLBs
2045
#endif /* defined(TARGET_PPC64) */
2048
cpu_abort(env, "Unknown MMU model\n");
2052
ppc_tlb_invalidate_all(env);
2056
/*****************************************************************************/
2057
/* Special registers manipulation */
2058
#if defined(TARGET_PPC64)
2059
target_ulong ppc_load_asr (CPUPPCState *env)
2064
void ppc_store_asr (CPUPPCState *env, target_ulong value)
2066
if (env->asr != value) {
2073
target_ulong do_load_sdr1 (CPUPPCState *env)
2078
void do_store_sdr1 (CPUPPCState *env, target_ulong value)
2080
#if defined (DEBUG_MMU)
2081
if (loglevel != 0) {
2082
fprintf(logfile, "%s: " ADDRX "\n", __func__, value);
2085
if (env->sdr1 != value) {
2086
/* XXX: for PowerPC 64, should check that the HTABSIZE value
2095
target_ulong do_load_sr (CPUPPCState *env, int srnum)
2097
return env->sr[srnum];
2101
void do_store_sr (CPUPPCState *env, int srnum, target_ulong value)
2103
#if defined (DEBUG_MMU)
2104
if (loglevel != 0) {
2105
fprintf(logfile, "%s: reg=%d " ADDRX " " ADDRX "\n",
2106
__func__, srnum, value, env->sr[srnum]);
2109
if (env->sr[srnum] != value) {
2110
env->sr[srnum] = value;
2111
#if !defined(FLUSH_ALL_TLBS) && 0
2113
target_ulong page, end;
2114
/* Invalidate 256 MB of virtual memory */
2115
page = (16 << 20) * srnum;
2116
end = page + (16 << 20);
2117
for (; page != end; page += TARGET_PAGE_SIZE)
2118
tlb_flush_page(env, page);
2125
#endif /* !defined (CONFIG_USER_ONLY) */
2127
/* GDBstub can read and write MSR... */
2128
void ppc_store_msr (CPUPPCState *env, target_ulong value)
2130
hreg_store_msr(env, value, 0);
2133
/*****************************************************************************/
2134
/* Exception processing */
2135
#if defined (CONFIG_USER_ONLY)
2136
void do_interrupt (CPUState *env)
2138
env->exception_index = POWERPC_EXCP_NONE;
2139
env->error_code = 0;
2142
void ppc_hw_interrupt (CPUState *env)
2144
env->exception_index = POWERPC_EXCP_NONE;
2145
env->error_code = 0;
2147
#else /* defined (CONFIG_USER_ONLY) */
2148
static always_inline void dump_syscall (CPUState *env)
2150
fprintf(logfile, "syscall r0=" REGX " r3=" REGX " r4=" REGX
2151
" r5=" REGX " r6=" REGX " nip=" ADDRX "\n",
2152
ppc_dump_gpr(env, 0), ppc_dump_gpr(env, 3), ppc_dump_gpr(env, 4),
2153
ppc_dump_gpr(env, 5), ppc_dump_gpr(env, 6), env->nip);
2156
/* Note that this function should be greatly optimized
2157
* when called with a constant excp, from ppc_hw_interrupt
2159
static always_inline void powerpc_excp (CPUState *env,
2160
int excp_model, int excp)
2162
target_ulong msr, new_msr, vector;
2163
int srr0, srr1, asrr0, asrr1;
2164
int lpes0, lpes1, lev;
2167
/* XXX: find a suitable condition to enable the hypervisor mode */
2168
lpes0 = (env->spr[SPR_LPCR] >> 1) & 1;
2169
lpes1 = (env->spr[SPR_LPCR] >> 2) & 1;
2171
/* Those values ensure we won't enter the hypervisor mode */
2176
if (loglevel & CPU_LOG_INT) {
2177
fprintf(logfile, "Raise exception at " ADDRX " => %08x (%02x)\n",
2178
env->nip, excp, env->error_code);
2186
msr &= ~((target_ulong)0x783F0000);
2188
case POWERPC_EXCP_NONE:
2189
/* Should never happen */
2191
case POWERPC_EXCP_CRITICAL: /* Critical input */
2192
new_msr &= ~((target_ulong)1 << MSR_RI); /* XXX: check this */
2193
switch (excp_model) {
2194
case POWERPC_EXCP_40x:
2195
srr0 = SPR_40x_SRR2;
2196
srr1 = SPR_40x_SRR3;
2198
case POWERPC_EXCP_BOOKE:
2199
srr0 = SPR_BOOKE_CSRR0;
2200
srr1 = SPR_BOOKE_CSRR1;
2202
case POWERPC_EXCP_G2:
2208
case POWERPC_EXCP_MCHECK: /* Machine check exception */
2210
/* Machine check exception is not enabled.
2211
* Enter checkstop state.
2213
if (loglevel != 0) {
2214
fprintf(logfile, "Machine check while not allowed. "
2215
"Entering checkstop state\n");
2217
fprintf(stderr, "Machine check while not allowed. "
2218
"Entering checkstop state\n");
2221
env->interrupt_request |= CPU_INTERRUPT_EXITTB;
2223
new_msr &= ~((target_ulong)1 << MSR_RI);
2224
new_msr &= ~((target_ulong)1 << MSR_ME);
2226
/* XXX: find a suitable condition to enable the hypervisor mode */
2227
new_msr |= (target_ulong)MSR_HVB;
2229
/* XXX: should also have something loaded in DAR / DSISR */
2230
switch (excp_model) {
2231
case POWERPC_EXCP_40x:
2232
srr0 = SPR_40x_SRR2;
2233
srr1 = SPR_40x_SRR3;
2235
case POWERPC_EXCP_BOOKE:
2236
srr0 = SPR_BOOKE_MCSRR0;
2237
srr1 = SPR_BOOKE_MCSRR1;
2238
asrr0 = SPR_BOOKE_CSRR0;
2239
asrr1 = SPR_BOOKE_CSRR1;
2245
case POWERPC_EXCP_DSI: /* Data storage exception */
2246
#if defined (DEBUG_EXCEPTIONS)
2247
if (loglevel != 0) {
2248
fprintf(logfile, "DSI exception: DSISR=" ADDRX" DAR=" ADDRX "\n",
2249
env->spr[SPR_DSISR], env->spr[SPR_DAR]);
2252
new_msr &= ~((target_ulong)1 << MSR_RI);
2254
new_msr |= (target_ulong)MSR_HVB;
2256
case POWERPC_EXCP_ISI: /* Instruction storage exception */
2257
#if defined (DEBUG_EXCEPTIONS)
2258
if (loglevel != 0) {
2259
fprintf(logfile, "ISI exception: msr=" ADDRX ", nip=" ADDRX "\n",
2263
new_msr &= ~((target_ulong)1 << MSR_RI);
2265
new_msr |= (target_ulong)MSR_HVB;
2266
msr |= env->error_code;
2268
case POWERPC_EXCP_EXTERNAL: /* External input */
2269
new_msr &= ~((target_ulong)1 << MSR_RI);
2271
new_msr |= (target_ulong)MSR_HVB;
2273
case POWERPC_EXCP_ALIGN: /* Alignment exception */
2274
new_msr &= ~((target_ulong)1 << MSR_RI);
2276
new_msr |= (target_ulong)MSR_HVB;
2277
/* XXX: this is false */
2278
/* Get rS/rD and rA from faulting opcode */
2279
env->spr[SPR_DSISR] |= (ldl_code((env->nip - 4)) & 0x03FF0000) >> 16;
2281
case POWERPC_EXCP_PROGRAM: /* Program exception */
2282
switch (env->error_code & ~0xF) {
2283
case POWERPC_EXCP_FP:
2284
if ((msr_fe0 == 0 && msr_fe1 == 0) || msr_fp == 0) {
2285
#if defined (DEBUG_EXCEPTIONS)
2286
if (loglevel != 0) {
2287
fprintf(logfile, "Ignore floating point exception\n");
2290
env->exception_index = POWERPC_EXCP_NONE;
2291
env->error_code = 0;
2294
new_msr &= ~((target_ulong)1 << MSR_RI);
2296
new_msr |= (target_ulong)MSR_HVB;
2298
if (msr_fe0 == msr_fe1)
2302
case POWERPC_EXCP_INVAL:
2303
#if defined (DEBUG_EXCEPTIONS)
2304
if (loglevel != 0) {
2305
fprintf(logfile, "Invalid instruction at " ADDRX "\n",
2309
new_msr &= ~((target_ulong)1 << MSR_RI);
2311
new_msr |= (target_ulong)MSR_HVB;
2314
case POWERPC_EXCP_PRIV:
2315
new_msr &= ~((target_ulong)1 << MSR_RI);
2317
new_msr |= (target_ulong)MSR_HVB;
2320
case POWERPC_EXCP_TRAP:
2321
new_msr &= ~((target_ulong)1 << MSR_RI);
2323
new_msr |= (target_ulong)MSR_HVB;
2327
/* Should never occur */
2328
cpu_abort(env, "Invalid program exception %d. Aborting\n",
2333
case POWERPC_EXCP_FPU: /* Floating-point unavailable exception */
2334
new_msr &= ~((target_ulong)1 << MSR_RI);
2336
new_msr |= (target_ulong)MSR_HVB;
2338
case POWERPC_EXCP_SYSCALL: /* System call exception */
2339
/* NOTE: this is a temporary hack to support graphics OSI
2340
calls from the MOL driver */
2341
/* XXX: To be removed */
2342
if (env->gpr[3] == 0x113724fa && env->gpr[4] == 0x77810f9b &&
2344
if (env->osi_call(env) != 0) {
2345
env->exception_index = POWERPC_EXCP_NONE;
2346
env->error_code = 0;
2350
if (loglevel & CPU_LOG_INT) {
2353
new_msr &= ~((target_ulong)1 << MSR_RI);
2354
lev = env->error_code;
2355
if (lev == 1 || (lpes0 == 0 && lpes1 == 0))
2356
new_msr |= (target_ulong)MSR_HVB;
2358
case POWERPC_EXCP_APU: /* Auxiliary processor unavailable */
2359
new_msr &= ~((target_ulong)1 << MSR_RI);
2361
case POWERPC_EXCP_DECR: /* Decrementer exception */
2362
new_msr &= ~((target_ulong)1 << MSR_RI);
2364
new_msr |= (target_ulong)MSR_HVB;
2366
case POWERPC_EXCP_FIT: /* Fixed-interval timer interrupt */
2368
#if defined (DEBUG_EXCEPTIONS)
2370
fprintf(logfile, "FIT exception\n");
2372
new_msr &= ~((target_ulong)1 << MSR_RI); /* XXX: check this */
2374
case POWERPC_EXCP_WDT: /* Watchdog timer interrupt */
2375
#if defined (DEBUG_EXCEPTIONS)
2377
fprintf(logfile, "WDT exception\n");
2379
switch (excp_model) {
2380
case POWERPC_EXCP_BOOKE:
2381
srr0 = SPR_BOOKE_CSRR0;
2382
srr1 = SPR_BOOKE_CSRR1;
2387
new_msr &= ~((target_ulong)1 << MSR_RI); /* XXX: check this */
2389
case POWERPC_EXCP_DTLB: /* Data TLB error */
2390
new_msr &= ~((target_ulong)1 << MSR_RI); /* XXX: check this */
2392
case POWERPC_EXCP_ITLB: /* Instruction TLB error */
2393
new_msr &= ~((target_ulong)1 << MSR_RI); /* XXX: check this */
2395
case POWERPC_EXCP_DEBUG: /* Debug interrupt */
2396
switch (excp_model) {
2397
case POWERPC_EXCP_BOOKE:
2398
srr0 = SPR_BOOKE_DSRR0;
2399
srr1 = SPR_BOOKE_DSRR1;
2400
asrr0 = SPR_BOOKE_CSRR0;
2401
asrr1 = SPR_BOOKE_CSRR1;
2407
cpu_abort(env, "Debug exception is not implemented yet !\n");
2409
case POWERPC_EXCP_SPEU: /* SPE/embedded floating-point unavailable */
2410
new_msr &= ~((target_ulong)1 << MSR_RI); /* XXX: check this */
2412
case POWERPC_EXCP_EFPDI: /* Embedded floating-point data interrupt */
2414
cpu_abort(env, "Embedded floating point data exception "
2415
"is not implemented yet !\n");
2417
case POWERPC_EXCP_EFPRI: /* Embedded floating-point round interrupt */
2419
cpu_abort(env, "Embedded floating point round exception "
2420
"is not implemented yet !\n");
2422
case POWERPC_EXCP_EPERFM: /* Embedded performance monitor interrupt */
2423
new_msr &= ~((target_ulong)1 << MSR_RI);
2426
"Performance counter exception is not implemented yet !\n");
2428
case POWERPC_EXCP_DOORI: /* Embedded doorbell interrupt */
2431
"Embedded doorbell interrupt is not implemented yet !\n");
2433
case POWERPC_EXCP_DOORCI: /* Embedded doorbell critical interrupt */
2434
switch (excp_model) {
2435
case POWERPC_EXCP_BOOKE:
2436
srr0 = SPR_BOOKE_CSRR0;
2437
srr1 = SPR_BOOKE_CSRR1;
2443
cpu_abort(env, "Embedded doorbell critical interrupt "
2444
"is not implemented yet !\n");
2446
case POWERPC_EXCP_RESET: /* System reset exception */
2447
new_msr &= ~((target_ulong)1 << MSR_RI);
2449
/* XXX: find a suitable condition to enable the hypervisor mode */
2450
new_msr |= (target_ulong)MSR_HVB;
2453
case POWERPC_EXCP_DSEG: /* Data segment exception */
2454
new_msr &= ~((target_ulong)1 << MSR_RI);
2456
new_msr |= (target_ulong)MSR_HVB;
2458
case POWERPC_EXCP_ISEG: /* Instruction segment exception */
2459
new_msr &= ~((target_ulong)1 << MSR_RI);
2461
new_msr |= (target_ulong)MSR_HVB;
2463
case POWERPC_EXCP_HDECR: /* Hypervisor decrementer exception */
2466
new_msr |= (target_ulong)MSR_HVB;
2468
case POWERPC_EXCP_TRACE: /* Trace exception */
2469
new_msr &= ~((target_ulong)1 << MSR_RI);
2471
new_msr |= (target_ulong)MSR_HVB;
2473
case POWERPC_EXCP_HDSI: /* Hypervisor data storage exception */
2476
new_msr |= (target_ulong)MSR_HVB;
2478
case POWERPC_EXCP_HISI: /* Hypervisor instruction storage exception */
2481
new_msr |= (target_ulong)MSR_HVB;
2483
case POWERPC_EXCP_HDSEG: /* Hypervisor data segment exception */
2486
new_msr |= (target_ulong)MSR_HVB;
2488
case POWERPC_EXCP_HISEG: /* Hypervisor instruction segment exception */
2491
new_msr |= (target_ulong)MSR_HVB;
2493
case POWERPC_EXCP_VPU: /* Vector unavailable exception */
2494
new_msr &= ~((target_ulong)1 << MSR_RI);
2496
new_msr |= (target_ulong)MSR_HVB;
2498
case POWERPC_EXCP_PIT: /* Programmable interval timer interrupt */
2499
#if defined (DEBUG_EXCEPTIONS)
2501
fprintf(logfile, "PIT exception\n");
2503
new_msr &= ~((target_ulong)1 << MSR_RI); /* XXX: check this */
2505
case POWERPC_EXCP_IO: /* IO error exception */
2507
cpu_abort(env, "601 IO error exception is not implemented yet !\n");
2509
case POWERPC_EXCP_RUNM: /* Run mode exception */
2511
cpu_abort(env, "601 run mode exception is not implemented yet !\n");
2513
case POWERPC_EXCP_EMUL: /* Emulation trap exception */
2515
cpu_abort(env, "602 emulation trap exception "
2516
"is not implemented yet !\n");
2518
case POWERPC_EXCP_IFTLB: /* Instruction fetch TLB error */
2519
new_msr &= ~((target_ulong)1 << MSR_RI); /* XXX: check this */
2520
if (lpes1 == 0) /* XXX: check this */
2521
new_msr |= (target_ulong)MSR_HVB;
2522
switch (excp_model) {
2523
case POWERPC_EXCP_602:
2524
case POWERPC_EXCP_603:
2525
case POWERPC_EXCP_603E:
2526
case POWERPC_EXCP_G2:
2528
case POWERPC_EXCP_7x5:
2530
case POWERPC_EXCP_74xx:
2533
cpu_abort(env, "Invalid instruction TLB miss exception\n");
2537
case POWERPC_EXCP_DLTLB: /* Data load TLB miss */
2538
new_msr &= ~((target_ulong)1 << MSR_RI); /* XXX: check this */
2539
if (lpes1 == 0) /* XXX: check this */
2540
new_msr |= (target_ulong)MSR_HVB;
2541
switch (excp_model) {
2542
case POWERPC_EXCP_602:
2543
case POWERPC_EXCP_603:
2544
case POWERPC_EXCP_603E:
2545
case POWERPC_EXCP_G2:
2547
case POWERPC_EXCP_7x5:
2549
case POWERPC_EXCP_74xx:
2552
cpu_abort(env, "Invalid data load TLB miss exception\n");
2556
case POWERPC_EXCP_DSTLB: /* Data store TLB miss */
2557
new_msr &= ~((target_ulong)1 << MSR_RI); /* XXX: check this */
2558
if (lpes1 == 0) /* XXX: check this */
2559
new_msr |= (target_ulong)MSR_HVB;
2560
switch (excp_model) {
2561
case POWERPC_EXCP_602:
2562
case POWERPC_EXCP_603:
2563
case POWERPC_EXCP_603E:
2564
case POWERPC_EXCP_G2:
2566
/* Swap temporary saved registers with GPRs */
2567
if (!(new_msr & ((target_ulong)1 << MSR_TGPR))) {
2568
new_msr |= (target_ulong)1 << MSR_TGPR;
2569
hreg_swap_gpr_tgpr(env);
2572
case POWERPC_EXCP_7x5:
2574
#if defined (DEBUG_SOFTWARE_TLB)
2575
if (loglevel != 0) {
2576
const unsigned char *es;
2577
target_ulong *miss, *cmp;
2579
if (excp == POWERPC_EXCP_IFTLB) {
2582
miss = &env->spr[SPR_IMISS];
2583
cmp = &env->spr[SPR_ICMP];
2585
if (excp == POWERPC_EXCP_DLTLB)
2590
miss = &env->spr[SPR_DMISS];
2591
cmp = &env->spr[SPR_DCMP];
2593
fprintf(logfile, "6xx %sTLB miss: %cM " ADDRX " %cC " ADDRX
2594
" H1 " ADDRX " H2 " ADDRX " %08x\n",
2595
es, en, *miss, en, *cmp,
2596
env->spr[SPR_HASH1], env->spr[SPR_HASH2],
2600
msr |= env->crf[0] << 28;
2601
msr |= env->error_code; /* key, D/I, S/L bits */
2602
/* Set way using a LRU mechanism */
2603
msr |= ((env->last_way + 1) & (env->nb_ways - 1)) << 17;
2605
case POWERPC_EXCP_74xx:
2607
#if defined (DEBUG_SOFTWARE_TLB)
2608
if (loglevel != 0) {
2609
const unsigned char *es;
2610
target_ulong *miss, *cmp;
2612
if (excp == POWERPC_EXCP_IFTLB) {
2615
miss = &env->spr[SPR_TLBMISS];
2616
cmp = &env->spr[SPR_PTEHI];
2618
if (excp == POWERPC_EXCP_DLTLB)
2623
miss = &env->spr[SPR_TLBMISS];
2624
cmp = &env->spr[SPR_PTEHI];
2626
fprintf(logfile, "74xx %sTLB miss: %cM " ADDRX " %cC " ADDRX
2628
es, en, *miss, en, *cmp, env->error_code);
2631
msr |= env->error_code; /* key bit */
2634
cpu_abort(env, "Invalid data store TLB miss exception\n");
2638
case POWERPC_EXCP_FPA: /* Floating-point assist exception */
2640
cpu_abort(env, "Floating point assist exception "
2641
"is not implemented yet !\n");
2643
case POWERPC_EXCP_DABR: /* Data address breakpoint */
2645
cpu_abort(env, "DABR exception is not implemented yet !\n");
2647
case POWERPC_EXCP_IABR: /* Instruction address breakpoint */
2649
cpu_abort(env, "IABR exception is not implemented yet !\n");
2651
case POWERPC_EXCP_SMI: /* System management interrupt */
2653
cpu_abort(env, "SMI exception is not implemented yet !\n");
2655
case POWERPC_EXCP_THERM: /* Thermal interrupt */
2657
cpu_abort(env, "Thermal management exception "
2658
"is not implemented yet !\n");
2660
case POWERPC_EXCP_PERFM: /* Embedded performance monitor interrupt */
2661
new_msr &= ~((target_ulong)1 << MSR_RI);
2663
new_msr |= (target_ulong)MSR_HVB;
2666
"Performance counter exception is not implemented yet !\n");
2668
case POWERPC_EXCP_VPUA: /* Vector assist exception */
2670
cpu_abort(env, "VPU assist exception is not implemented yet !\n");
2672
case POWERPC_EXCP_SOFTP: /* Soft patch exception */
2675
"970 soft-patch exception is not implemented yet !\n");
2677
case POWERPC_EXCP_MAINT: /* Maintenance exception */
2680
"970 maintenance exception is not implemented yet !\n");
2682
case POWERPC_EXCP_MEXTBR: /* Maskable external breakpoint */
2684
cpu_abort(env, "Maskable external exception "
2685
"is not implemented yet !\n");
2687
case POWERPC_EXCP_NMEXTBR: /* Non maskable external breakpoint */
2689
cpu_abort(env, "Non maskable external exception "
2690
"is not implemented yet !\n");
2694
cpu_abort(env, "Invalid PowerPC exception %d. Aborting\n", excp);
2697
/* save current instruction location */
2698
env->spr[srr0] = env->nip - 4;
2701
/* save next instruction location */
2702
env->spr[srr0] = env->nip;
2706
env->spr[srr1] = msr;
2707
/* If any alternate SRR register are defined, duplicate saved values */
2709
env->spr[asrr0] = env->spr[srr0];
2711
env->spr[asrr1] = env->spr[srr1];
2712
/* If we disactivated any translation, flush TLBs */
2713
if (new_msr & ((1 << MSR_IR) | (1 << MSR_DR)))
2715
/* reload MSR with correct bits */
2716
new_msr &= ~((target_ulong)1 << MSR_EE);
2717
new_msr &= ~((target_ulong)1 << MSR_PR);
2718
new_msr &= ~((target_ulong)1 << MSR_FP);
2719
new_msr &= ~((target_ulong)1 << MSR_FE0);
2720
new_msr &= ~((target_ulong)1 << MSR_SE);
2721
new_msr &= ~((target_ulong)1 << MSR_BE);
2722
new_msr &= ~((target_ulong)1 << MSR_FE1);
2723
new_msr &= ~((target_ulong)1 << MSR_IR);
2724
new_msr &= ~((target_ulong)1 << MSR_DR);
2725
#if 0 /* Fix this: not on all targets */
2726
new_msr &= ~((target_ulong)1 << MSR_PMM);
2728
new_msr &= ~((target_ulong)1 << MSR_LE);
2730
new_msr |= (target_ulong)1 << MSR_LE;
2732
new_msr &= ~((target_ulong)1 << MSR_LE);
2733
/* Jump to handler */
2734
vector = env->excp_vectors[excp];
2735
if (vector == (target_ulong)-1ULL) {
2736
cpu_abort(env, "Raised an exception without defined vector %d\n",
2739
vector |= env->excp_prefix;
2740
#if defined(TARGET_PPC64)
2741
if (excp_model == POWERPC_EXCP_BOOKE) {
2743
new_msr &= ~((target_ulong)1 << MSR_CM);
2744
vector = (uint32_t)vector;
2746
new_msr |= (target_ulong)1 << MSR_CM;
2750
new_msr &= ~((target_ulong)1 << MSR_SF);
2751
vector = (uint32_t)vector;
2753
new_msr |= (target_ulong)1 << MSR_SF;
2757
/* XXX: we don't use hreg_store_msr here as already have treated
2758
* any special case that could occur. Just store MSR and update hflags
2760
env->msr = new_msr & env->msr_mask;
2761
hreg_compute_hflags(env);
2763
/* Reset exception state */
2764
env->exception_index = POWERPC_EXCP_NONE;
2765
env->error_code = 0;
2768
void do_interrupt (CPUState *env)
2770
powerpc_excp(env, env->excp_model, env->exception_index);
2773
void ppc_hw_interrupt (CPUPPCState *env)
2778
if (loglevel & CPU_LOG_INT) {
2779
fprintf(logfile, "%s: %p pending %08x req %08x me %d ee %d\n",
2780
__func__, env, env->pending_interrupts,
2781
env->interrupt_request, (int)msr_me, (int)msr_ee);
2784
/* External reset */
2785
if (env->pending_interrupts & (1 << PPC_INTERRUPT_RESET)) {
2786
env->pending_interrupts &= ~(1 << PPC_INTERRUPT_RESET);
2787
powerpc_excp(env, env->excp_model, POWERPC_EXCP_RESET);
2790
/* Machine check exception */
2791
if (env->pending_interrupts & (1 << PPC_INTERRUPT_MCK)) {
2792
env->pending_interrupts &= ~(1 << PPC_INTERRUPT_MCK);
2793
powerpc_excp(env, env->excp_model, POWERPC_EXCP_MCHECK);
2797
/* External debug exception */
2798
if (env->pending_interrupts & (1 << PPC_INTERRUPT_DEBUG)) {
2799
env->pending_interrupts &= ~(1 << PPC_INTERRUPT_DEBUG);
2800
powerpc_excp(env, env->excp_model, POWERPC_EXCP_DEBUG);
2805
/* XXX: find a suitable condition to enable the hypervisor mode */
2806
hdice = env->spr[SPR_LPCR] & 1;
2810
if ((msr_ee != 0 || msr_hv == 0 || msr_pr != 0) && hdice != 0) {
2811
/* Hypervisor decrementer exception */
2812
if (env->pending_interrupts & (1 << PPC_INTERRUPT_HDECR)) {
2813
env->pending_interrupts &= ~(1 << PPC_INTERRUPT_HDECR);
2814
powerpc_excp(env, env->excp_model, POWERPC_EXCP_HDECR);
2819
/* External critical interrupt */
2820
if (env->pending_interrupts & (1 << PPC_INTERRUPT_CEXT)) {
2821
/* Taking a critical external interrupt does not clear the external
2822
* critical interrupt status
2825
env->pending_interrupts &= ~(1 << PPC_INTERRUPT_CEXT);
2827
powerpc_excp(env, env->excp_model, POWERPC_EXCP_CRITICAL);
2832
/* Watchdog timer on embedded PowerPC */
2833
if (env->pending_interrupts & (1 << PPC_INTERRUPT_WDT)) {
2834
env->pending_interrupts &= ~(1 << PPC_INTERRUPT_WDT);
2835
powerpc_excp(env, env->excp_model, POWERPC_EXCP_WDT);
2838
if (env->pending_interrupts & (1 << PPC_INTERRUPT_CDOORBELL)) {
2839
env->pending_interrupts &= ~(1 << PPC_INTERRUPT_CDOORBELL);
2840
powerpc_excp(env, env->excp_model, POWERPC_EXCP_DOORCI);
2843
/* Fixed interval timer on embedded PowerPC */
2844
if (env->pending_interrupts & (1 << PPC_INTERRUPT_FIT)) {
2845
env->pending_interrupts &= ~(1 << PPC_INTERRUPT_FIT);
2846
powerpc_excp(env, env->excp_model, POWERPC_EXCP_FIT);
2849
/* Programmable interval timer on embedded PowerPC */
2850
if (env->pending_interrupts & (1 << PPC_INTERRUPT_PIT)) {
2851
env->pending_interrupts &= ~(1 << PPC_INTERRUPT_PIT);
2852
powerpc_excp(env, env->excp_model, POWERPC_EXCP_PIT);
2855
/* Decrementer exception */
2856
if (env->pending_interrupts & (1 << PPC_INTERRUPT_DECR)) {
2857
env->pending_interrupts &= ~(1 << PPC_INTERRUPT_DECR);
2858
powerpc_excp(env, env->excp_model, POWERPC_EXCP_DECR);
2861
/* External interrupt */
2862
if (env->pending_interrupts & (1 << PPC_INTERRUPT_EXT)) {
2863
/* Taking an external interrupt does not clear the external
2867
env->pending_interrupts &= ~(1 << PPC_INTERRUPT_EXT);
2869
powerpc_excp(env, env->excp_model, POWERPC_EXCP_EXTERNAL);
2872
if (env->pending_interrupts & (1 << PPC_INTERRUPT_DOORBELL)) {
2873
env->pending_interrupts &= ~(1 << PPC_INTERRUPT_DOORBELL);
2874
powerpc_excp(env, env->excp_model, POWERPC_EXCP_DOORI);
2877
if (env->pending_interrupts & (1 << PPC_INTERRUPT_PERFM)) {
2878
env->pending_interrupts &= ~(1 << PPC_INTERRUPT_PERFM);
2879
powerpc_excp(env, env->excp_model, POWERPC_EXCP_PERFM);
2882
/* Thermal interrupt */
2883
if (env->pending_interrupts & (1 << PPC_INTERRUPT_THERM)) {
2884
env->pending_interrupts &= ~(1 << PPC_INTERRUPT_THERM);
2885
powerpc_excp(env, env->excp_model, POWERPC_EXCP_THERM);
2890
#endif /* !CONFIG_USER_ONLY */
2892
void cpu_dump_rfi (target_ulong RA, target_ulong msr)
2902
fprintf(f, "Return from exception at " ADDRX " with flags " ADDRX "\n",
2906
void cpu_ppc_reset (void *opaque)
2912
msr = (target_ulong)0;
2914
/* XXX: find a suitable condition to enable the hypervisor mode */
2915
msr |= (target_ulong)MSR_HVB;
2917
msr |= (target_ulong)0 << MSR_AP; /* TO BE CHECKED */
2918
msr |= (target_ulong)0 << MSR_SA; /* TO BE CHECKED */
2919
msr |= (target_ulong)1 << MSR_EP;
2920
#if defined (DO_SINGLE_STEP) && 0
2921
/* Single step trace mode */
2922
msr |= (target_ulong)1 << MSR_SE;
2923
msr |= (target_ulong)1 << MSR_BE;
2925
#if defined(CONFIG_USER_ONLY)
2926
msr |= (target_ulong)1 << MSR_FP; /* Allow floating point usage */
2927
msr |= (target_ulong)1 << MSR_PR;
2929
env->nip = env->hreset_vector | env->excp_prefix;
2930
if (env->mmu_model != POWERPC_MMU_REAL)
2931
ppc_tlb_invalidate_all(env);
2934
hreg_compute_hflags(env);
2935
env->reserve = (target_ulong)-1ULL;
2936
/* Be sure no exception or interrupt is pending */
2937
env->pending_interrupts = 0;
2938
env->exception_index = POWERPC_EXCP_NONE;
2939
env->error_code = 0;
2940
/* Flush all TLBs */
2944
CPUPPCState *cpu_ppc_init (const char *cpu_model)
2947
const ppc_def_t *def;
2949
def = cpu_ppc_find_by_name(cpu_model);
2953
env = qemu_mallocz(sizeof(CPUPPCState));
2957
ppc_translate_init();
2958
env->cpu_model_str = cpu_model;
2959
cpu_ppc_register_internal(env, def);
2964
void cpu_ppc_close (CPUPPCState *env)
2966
/* Should also remove all opcode tables... */
added
removed
target-ppc/helper.c
