4 * Copyright (c) 2003-2005 Fabrice Bellard
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
25 #define DPRINTF_MMU(fmt, ...) \
26 do { printf("MMU: " fmt , ## __VA_ARGS__); } while (0)
28 #define DPRINTF_MMU(fmt, ...) do {} while (0)
31 /* Sparc MMU emulation */
33 #if defined(CONFIG_USER_ONLY)
35 int cpu_sparc_handle_mmu_fault(CPUState *env1, target_ulong address, int rw,
39 env1->exception_index = TT_TFAULT;
41 env1->exception_index = TT_DFAULT;
47 #ifndef TARGET_SPARC64
49 * Sparc V8 Reference MMU (SRMMU)
51 static const int access_table[8][8] = {
52 { 0, 0, 0, 0, 8, 0, 12, 12 },
53 { 0, 0, 0, 0, 8, 0, 0, 0 },
54 { 8, 8, 0, 0, 0, 8, 12, 12 },
55 { 8, 8, 0, 0, 0, 8, 0, 0 },
56 { 8, 0, 8, 0, 8, 8, 12, 12 },
57 { 8, 0, 8, 0, 8, 0, 8, 0 },
58 { 8, 8, 8, 0, 8, 8, 12, 12 },
59 { 8, 8, 8, 0, 8, 8, 8, 0 }
62 static const int perm_table[2][8] = {
65 PAGE_READ | PAGE_WRITE,
66 PAGE_READ | PAGE_EXEC,
67 PAGE_READ | PAGE_WRITE | PAGE_EXEC,
69 PAGE_READ | PAGE_WRITE,
70 PAGE_READ | PAGE_EXEC,
71 PAGE_READ | PAGE_WRITE | PAGE_EXEC
75 PAGE_READ | PAGE_WRITE,
76 PAGE_READ | PAGE_EXEC,
77 PAGE_READ | PAGE_WRITE | PAGE_EXEC,
85 static int get_physical_address(CPUState *env, target_phys_addr_t *physical,
86 int *prot, int *access_index,
87 target_ulong address, int rw, int mmu_idx,
88 target_ulong *page_size)
91 target_phys_addr_t pde_ptr;
93 int error_code = 0, is_dirty, is_user;
94 unsigned long page_offset;
96 is_user = mmu_idx == MMU_USER_IDX;
98 if ((env->mmuregs[0] & MMU_E) == 0) { /* MMU disabled */
99 *page_size = TARGET_PAGE_SIZE;
100 // Boot mode: instruction fetches are taken from PROM
101 if (rw == 2 && (env->mmuregs[0] & env->def->mmu_bm)) {
102 *physical = env->prom_addr | (address & 0x7ffffULL);
103 *prot = PAGE_READ | PAGE_EXEC;
107 *prot = PAGE_READ | PAGE_WRITE | PAGE_EXEC;
111 *access_index = ((rw & 1) << 2) | (rw & 2) | (is_user? 0 : 1);
112 *physical = 0xffffffffffff0000ULL;
114 /* SPARC reference MMU table walk: Context table->L1->L2->PTE */
115 /* Context base + context number */
116 pde_ptr = (env->mmuregs[1] << 4) + (env->mmuregs[2] << 2);
117 pde = ldl_phys(pde_ptr);
120 switch (pde & PTE_ENTRYTYPE_MASK) {
122 case 0: /* Invalid */
124 case 2: /* L0 PTE, maybe should not happen? */
125 case 3: /* Reserved */
128 pde_ptr = ((address >> 22) & ~3) + ((pde & ~3) << 4);
129 pde = ldl_phys(pde_ptr);
131 switch (pde & PTE_ENTRYTYPE_MASK) {
133 case 0: /* Invalid */
134 return (1 << 8) | (1 << 2);
135 case 3: /* Reserved */
136 return (1 << 8) | (4 << 2);
138 pde_ptr = ((address & 0xfc0000) >> 16) + ((pde & ~3) << 4);
139 pde = ldl_phys(pde_ptr);
141 switch (pde & PTE_ENTRYTYPE_MASK) {
143 case 0: /* Invalid */
144 return (2 << 8) | (1 << 2);
145 case 3: /* Reserved */
146 return (2 << 8) | (4 << 2);
148 pde_ptr = ((address & 0x3f000) >> 10) + ((pde & ~3) << 4);
149 pde = ldl_phys(pde_ptr);
151 switch (pde & PTE_ENTRYTYPE_MASK) {
153 case 0: /* Invalid */
154 return (3 << 8) | (1 << 2);
155 case 1: /* PDE, should not happen */
156 case 3: /* Reserved */
157 return (3 << 8) | (4 << 2);
159 page_offset = (address & TARGET_PAGE_MASK) &
160 (TARGET_PAGE_SIZE - 1);
162 *page_size = TARGET_PAGE_SIZE;
165 page_offset = address & 0x3ffff;
166 *page_size = 0x40000;
170 page_offset = address & 0xffffff;
171 *page_size = 0x1000000;
176 access_perms = (pde & PTE_ACCESS_MASK) >> PTE_ACCESS_SHIFT;
177 error_code = access_table[*access_index][access_perms];
178 if (error_code && !((env->mmuregs[0] & MMU_NF) && is_user))
181 /* update page modified and dirty bits */
182 is_dirty = (rw & 1) && !(pde & PG_MODIFIED_MASK);
183 if (!(pde & PG_ACCESSED_MASK) || is_dirty) {
184 pde |= PG_ACCESSED_MASK;
186 pde |= PG_MODIFIED_MASK;
187 stl_phys_notdirty(pde_ptr, pde);
190 /* the page can be put in the TLB */
191 *prot = perm_table[is_user][access_perms];
192 if (!(pde & PG_MODIFIED_MASK)) {
193 /* only set write access if already dirty... otherwise wait
195 *prot &= ~PAGE_WRITE;
198 /* Even if large ptes, we map only one 4KB page in the cache to
199 avoid filling it too fast */
200 *physical = ((target_phys_addr_t)(pde & PTE_ADDR_MASK) << 4) + page_offset;
204 /* Perform address translation */
205 int cpu_sparc_handle_mmu_fault (CPUState *env, target_ulong address, int rw,
208 target_phys_addr_t paddr;
210 target_ulong page_size;
211 int error_code = 0, prot, access_index;
213 error_code = get_physical_address(env, &paddr, &prot, &access_index,
214 address, rw, mmu_idx, &page_size);
215 if (error_code == 0) {
216 vaddr = address & TARGET_PAGE_MASK;
217 paddr &= TARGET_PAGE_MASK;
219 printf("Translate at " TARGET_FMT_lx " -> " TARGET_FMT_plx ", vaddr "
220 TARGET_FMT_lx "\n", address, paddr, vaddr);
222 tlb_set_page(env, vaddr, paddr, prot, mmu_idx, page_size);
226 if (env->mmuregs[3]) /* Fault status register */
227 env->mmuregs[3] = 1; /* overflow (not read before another fault) */
228 env->mmuregs[3] |= (access_index << 5) | error_code | 2;
229 env->mmuregs[4] = address; /* Fault address register */
231 if ((env->mmuregs[0] & MMU_NF) || env->psret == 0) {
232 // No fault mode: if a mapping is available, just override
233 // permissions. If no mapping is available, redirect accesses to
234 // neverland. Fake/overridden mappings will be flushed when
235 // switching to normal mode.
236 vaddr = address & TARGET_PAGE_MASK;
237 prot = PAGE_READ | PAGE_WRITE | PAGE_EXEC;
238 tlb_set_page(env, vaddr, paddr, prot, mmu_idx, TARGET_PAGE_SIZE);
242 env->exception_index = TT_TFAULT;
244 env->exception_index = TT_DFAULT;
249 target_ulong mmu_probe(CPUState *env, target_ulong address, int mmulev)
251 target_phys_addr_t pde_ptr;
254 /* Context base + context number */
255 pde_ptr = (target_phys_addr_t)(env->mmuregs[1] << 4) +
256 (env->mmuregs[2] << 2);
257 pde = ldl_phys(pde_ptr);
259 switch (pde & PTE_ENTRYTYPE_MASK) {
261 case 0: /* Invalid */
262 case 2: /* PTE, maybe should not happen? */
263 case 3: /* Reserved */
268 pde_ptr = ((address >> 22) & ~3) + ((pde & ~3) << 4);
269 pde = ldl_phys(pde_ptr);
271 switch (pde & PTE_ENTRYTYPE_MASK) {
273 case 0: /* Invalid */
274 case 3: /* Reserved */
281 pde_ptr = ((address & 0xfc0000) >> 16) + ((pde & ~3) << 4);
282 pde = ldl_phys(pde_ptr);
284 switch (pde & PTE_ENTRYTYPE_MASK) {
286 case 0: /* Invalid */
287 case 3: /* Reserved */
294 pde_ptr = ((address & 0x3f000) >> 10) + ((pde & ~3) << 4);
295 pde = ldl_phys(pde_ptr);
297 switch (pde & PTE_ENTRYTYPE_MASK) {
299 case 0: /* Invalid */
300 case 1: /* PDE, should not happen */
301 case 3: /* Reserved */
312 void dump_mmu(FILE *f, fprintf_function cpu_fprintf, CPUState *env)
314 target_ulong va, va1, va2;
315 unsigned int n, m, o;
316 target_phys_addr_t pde_ptr, pa;
319 pde_ptr = (env->mmuregs[1] << 4) + (env->mmuregs[2] << 2);
320 pde = ldl_phys(pde_ptr);
321 (*cpu_fprintf)(f, "Root ptr: " TARGET_FMT_plx ", ctx: %d\n",
322 (target_phys_addr_t)env->mmuregs[1] << 4, env->mmuregs[2]);
323 for (n = 0, va = 0; n < 256; n++, va += 16 * 1024 * 1024) {
324 pde = mmu_probe(env, va, 2);
326 pa = cpu_get_phys_page_debug(env, va);
327 (*cpu_fprintf)(f, "VA: " TARGET_FMT_lx ", PA: " TARGET_FMT_plx
328 " PDE: " TARGET_FMT_lx "\n", va, pa, pde);
329 for (m = 0, va1 = va; m < 64; m++, va1 += 256 * 1024) {
330 pde = mmu_probe(env, va1, 1);
332 pa = cpu_get_phys_page_debug(env, va1);
333 (*cpu_fprintf)(f, " VA: " TARGET_FMT_lx ", PA: "
334 TARGET_FMT_plx " PDE: " TARGET_FMT_lx "\n",
336 for (o = 0, va2 = va1; o < 64; o++, va2 += 4 * 1024) {
337 pde = mmu_probe(env, va2, 0);
339 pa = cpu_get_phys_page_debug(env, va2);
340 (*cpu_fprintf)(f, " VA: " TARGET_FMT_lx ", PA: "
341 TARGET_FMT_plx " PTE: "
352 /* Gdb expects all registers windows to be flushed in ram. This function handles
353 * reads (and only reads) in stack frames as if windows were flushed. We assume
354 * that the sparc ABI is followed.
356 int target_memory_rw_debug(CPUState *env, target_ulong addr,
357 uint8_t *buf, int len, int is_write)
364 for (i = 0; i < env->nwindows; i++) {
366 target_ulong fp = env->regbase[cwp * 16 + 22];
368 /* Assume fp == 0 means end of frame. */
373 cwp = cpu_cwp_inc(env, cwp + 1);
375 /* Invalid window ? */
376 if (env->wim & (1 << cwp)) {
380 /* According to the ABI, the stack is growing downward. */
381 if (addr + len < fp) {
385 /* Not in this frame. */
386 if (addr > fp + 64) {
390 /* Handle access before this window. */
393 if (cpu_memory_rw_debug(env, addr, buf, len1, is_write) != 0) {
401 /* Access byte per byte to registers. Not very efficient but speed
411 for (; len1; len1--) {
412 int reg = cwp * 16 + 8 + (off >> 2);
417 u.v = cpu_to_be32(env->regbase[reg]);
418 *buf++ = u.c[off & 3];
429 return cpu_memory_rw_debug(env, addr, buf, len, is_write);
432 #else /* !TARGET_SPARC64 */
434 // 41 bit physical address space
435 static inline target_phys_addr_t ultrasparc_truncate_physical(uint64_t x)
437 return x & 0x1ffffffffffULL;
441 * UltraSparc IIi I/DMMUs
444 // Returns true if TTE tag is valid and matches virtual address value in context
445 // requires virtual address mask value calculated from TTE entry size
446 static inline int ultrasparc_tag_match(SparcTLBEntry *tlb,
447 uint64_t address, uint64_t context,
448 target_phys_addr_t *physical)
452 switch (TTE_PGSIZE(tlb->tte)) {
455 mask = 0xffffffffffffe000ULL;
458 mask = 0xffffffffffff0000ULL;
461 mask = 0xfffffffffff80000ULL;
464 mask = 0xffffffffffc00000ULL;
468 // valid, context match, virtual address match?
469 if (TTE_IS_VALID(tlb->tte) &&
470 (TTE_IS_GLOBAL(tlb->tte) || tlb_compare_context(tlb, context))
471 && compare_masked(address, tlb->tag, mask))
473 // decode physical address
474 *physical = ((tlb->tte & mask) | (address & ~mask)) & 0x1ffffffe000ULL;
481 static int get_physical_address_data(CPUState *env,
482 target_phys_addr_t *physical, int *prot,
483 target_ulong address, int rw, int mmu_idx)
489 int is_user = (mmu_idx == MMU_USER_IDX ||
490 mmu_idx == MMU_USER_SECONDARY_IDX);
492 if ((env->lsu & DMMU_E) == 0) { /* DMMU disabled */
493 *physical = ultrasparc_truncate_physical(address);
494 *prot = PAGE_READ | PAGE_WRITE;
501 context = env->dmmu.mmu_primary_context & 0x1fff;
502 sfsr |= SFSR_CT_PRIMARY;
504 case MMU_USER_SECONDARY_IDX:
505 case MMU_KERNEL_SECONDARY_IDX:
506 context = env->dmmu.mmu_secondary_context & 0x1fff;
507 sfsr |= SFSR_CT_SECONDARY;
509 case MMU_NUCLEUS_IDX:
510 sfsr |= SFSR_CT_NUCLEUS;
518 sfsr |= SFSR_WRITE_BIT;
519 } else if (rw == 4) {
523 for (i = 0; i < 64; i++) {
524 // ctx match, vaddr match, valid?
525 if (ultrasparc_tag_match(&env->dtlb[i], address, context, physical)) {
529 /* multiple bits in SFSR.FT may be set on TT_DFAULT */
530 if (TTE_IS_PRIV(env->dtlb[i].tte) && is_user) {
532 sfsr |= SFSR_FT_PRIV_BIT; /* privilege violation */
534 DPRINTF_MMU("DFAULT at %" PRIx64 " context %" PRIx64
535 " mmu_idx=%d tl=%d\n",
536 address, context, mmu_idx, env->tl);
539 if (TTE_IS_SIDEEFFECT(env->dtlb[i].tte)) {
541 sfsr |= SFSR_FT_NF_E_BIT;
544 if (TTE_IS_NFO(env->dtlb[i].tte)) {
546 sfsr |= SFSR_FT_NFO_BIT;
551 /* faults above are reported with TT_DFAULT. */
552 env->exception_index = TT_DFAULT;
553 } else if (!TTE_IS_W_OK(env->dtlb[i].tte) && (rw == 1)) {
555 env->exception_index = TT_DPROT;
557 DPRINTF_MMU("DPROT at %" PRIx64 " context %" PRIx64
558 " mmu_idx=%d tl=%d\n",
559 address, context, mmu_idx, env->tl);
564 if (TTE_IS_W_OK(env->dtlb[i].tte)) {
568 TTE_SET_USED(env->dtlb[i].tte);
573 if (env->dmmu.sfsr & SFSR_VALID_BIT) { /* Fault status register */
574 sfsr |= SFSR_OW_BIT; /* overflow (not read before
578 if (env->pstate & PS_PRIV) {
582 /* FIXME: ASI field in SFSR must be set */
583 env->dmmu.sfsr = sfsr | SFSR_VALID_BIT;
585 env->dmmu.sfar = address; /* Fault address register */
587 env->dmmu.tag_access = (address & ~0x1fffULL) | context;
593 DPRINTF_MMU("DMISS at %" PRIx64 " context %" PRIx64 "\n",
598 * - UltraSPARC IIi: SFSR and SFAR unmodified
599 * - JPS1: SFAR updated and some fields of SFSR updated
601 env->dmmu.tag_access = (address & ~0x1fffULL) | context;
602 env->exception_index = TT_DMISS;
606 static int get_physical_address_code(CPUState *env,
607 target_phys_addr_t *physical, int *prot,
608 target_ulong address, int mmu_idx)
613 int is_user = (mmu_idx == MMU_USER_IDX ||
614 mmu_idx == MMU_USER_SECONDARY_IDX);
616 if ((env->lsu & IMMU_E) == 0 || (env->pstate & PS_RED) != 0) {
618 *physical = ultrasparc_truncate_physical(address);
624 /* PRIMARY context */
625 context = env->dmmu.mmu_primary_context & 0x1fff;
627 /* NUCLEUS context */
631 for (i = 0; i < 64; i++) {
632 // ctx match, vaddr match, valid?
633 if (ultrasparc_tag_match(&env->itlb[i],
634 address, context, physical)) {
636 if (TTE_IS_PRIV(env->itlb[i].tte) && is_user) {
637 /* Fault status register */
638 if (env->immu.sfsr & SFSR_VALID_BIT) {
639 env->immu.sfsr = SFSR_OW_BIT; /* overflow (not read before
644 if (env->pstate & PS_PRIV) {
645 env->immu.sfsr |= SFSR_PR_BIT;
648 env->immu.sfsr |= SFSR_CT_NUCLEUS;
651 /* FIXME: ASI field in SFSR must be set */
652 env->immu.sfsr |= SFSR_FT_PRIV_BIT | SFSR_VALID_BIT;
653 env->exception_index = TT_TFAULT;
655 env->immu.tag_access = (address & ~0x1fffULL) | context;
657 DPRINTF_MMU("TFAULT at %" PRIx64 " context %" PRIx64 "\n",
663 TTE_SET_USED(env->itlb[i].tte);
668 DPRINTF_MMU("TMISS at %" PRIx64 " context %" PRIx64 "\n",
671 /* Context is stored in DMMU (dmmuregs[1]) also for IMMU */
672 env->immu.tag_access = (address & ~0x1fffULL) | context;
673 env->exception_index = TT_TMISS;
677 static int get_physical_address(CPUState *env, target_phys_addr_t *physical,
678 int *prot, int *access_index,
679 target_ulong address, int rw, int mmu_idx,
680 target_ulong *page_size)
682 /* ??? We treat everything as a small page, then explicitly flush
683 everything when an entry is evicted. */
684 *page_size = TARGET_PAGE_SIZE;
686 #if defined (DEBUG_MMU)
687 /* safety net to catch wrong softmmu index use from dynamic code */
688 if (env->tl > 0 && mmu_idx != MMU_NUCLEUS_IDX) {
689 DPRINTF_MMU("get_physical_address %s tl=%d mmu_idx=%d"
690 " primary context=%" PRIx64
691 " secondary context=%" PRIx64
694 (rw == 2 ? "CODE" : "DATA"),
696 env->dmmu.mmu_primary_context,
697 env->dmmu.mmu_secondary_context,
703 return get_physical_address_code(env, physical, prot, address,
706 return get_physical_address_data(env, physical, prot, address, rw,
710 /* Perform address translation */
711 int cpu_sparc_handle_mmu_fault (CPUState *env, target_ulong address, int rw,
714 target_ulong virt_addr, vaddr;
715 target_phys_addr_t paddr;
716 target_ulong page_size;
717 int error_code = 0, prot, access_index;
719 error_code = get_physical_address(env, &paddr, &prot, &access_index,
720 address, rw, mmu_idx, &page_size);
721 if (error_code == 0) {
722 virt_addr = address & TARGET_PAGE_MASK;
723 vaddr = virt_addr + ((address & TARGET_PAGE_MASK) &
724 (TARGET_PAGE_SIZE - 1));
726 DPRINTF_MMU("Translate at %" PRIx64 " -> %" PRIx64 ","
730 " primary context=%" PRIx64
731 " secondary context=%" PRIx64
733 address, paddr, vaddr, mmu_idx, env->tl,
734 env->dmmu.mmu_primary_context,
735 env->dmmu.mmu_secondary_context);
737 tlb_set_page(env, vaddr, paddr, prot, mmu_idx, page_size);
744 void dump_mmu(FILE *f, fprintf_function cpu_fprintf, CPUState *env)
749 (*cpu_fprintf)(f, "MMU contexts: Primary: %" PRId64 ", Secondary: %"
751 env->dmmu.mmu_primary_context,
752 env->dmmu.mmu_secondary_context);
753 if ((env->lsu & DMMU_E) == 0) {
754 (*cpu_fprintf)(f, "DMMU disabled\n");
756 (*cpu_fprintf)(f, "DMMU dump\n");
757 for (i = 0; i < 64; i++) {
758 switch (TTE_PGSIZE(env->dtlb[i].tte)) {
773 if (TTE_IS_VALID(env->dtlb[i].tte)) {
774 (*cpu_fprintf)(f, "[%02u] VA: %" PRIx64 ", PA: %llx"
775 ", %s, %s, %s, %s, ctx %" PRId64 " %s\n",
777 env->dtlb[i].tag & (uint64_t)~0x1fffULL,
778 TTE_PA(env->dtlb[i].tte),
780 TTE_IS_PRIV(env->dtlb[i].tte) ? "priv" : "user",
781 TTE_IS_W_OK(env->dtlb[i].tte) ? "RW" : "RO",
782 TTE_IS_LOCKED(env->dtlb[i].tte) ?
783 "locked" : "unlocked",
784 env->dtlb[i].tag & (uint64_t)0x1fffULL,
785 TTE_IS_GLOBAL(env->dtlb[i].tte)?
790 if ((env->lsu & IMMU_E) == 0) {
791 (*cpu_fprintf)(f, "IMMU disabled\n");
793 (*cpu_fprintf)(f, "IMMU dump\n");
794 for (i = 0; i < 64; i++) {
795 switch (TTE_PGSIZE(env->itlb[i].tte)) {
810 if (TTE_IS_VALID(env->itlb[i].tte)) {
811 (*cpu_fprintf)(f, "[%02u] VA: %" PRIx64 ", PA: %llx"
812 ", %s, %s, %s, ctx %" PRId64 " %s\n",
814 env->itlb[i].tag & (uint64_t)~0x1fffULL,
815 TTE_PA(env->itlb[i].tte),
817 TTE_IS_PRIV(env->itlb[i].tte) ? "priv" : "user",
818 TTE_IS_LOCKED(env->itlb[i].tte) ?
819 "locked" : "unlocked",
820 env->itlb[i].tag & (uint64_t)0x1fffULL,
821 TTE_IS_GLOBAL(env->itlb[i].tte)?
828 #endif /* TARGET_SPARC64 */
830 static int cpu_sparc_get_phys_page(CPUState *env, target_phys_addr_t *phys,
831 target_ulong addr, int rw, int mmu_idx)
833 target_ulong page_size;
834 int prot, access_index;
836 return get_physical_address(env, phys, &prot, &access_index, addr, rw,
837 mmu_idx, &page_size);
840 #if defined(TARGET_SPARC64)
841 target_phys_addr_t cpu_get_phys_page_nofault(CPUState *env, target_ulong addr,
844 target_phys_addr_t phys_addr;
846 if (cpu_sparc_get_phys_page(env, &phys_addr, addr, 4, mmu_idx) != 0) {
853 target_phys_addr_t cpu_get_phys_page_debug(CPUState *env, target_ulong addr)
855 target_phys_addr_t phys_addr;
856 int mmu_idx = cpu_mmu_index(env);
858 if (cpu_sparc_get_phys_page(env, &phys_addr, addr, 2, mmu_idx) != 0) {
859 if (cpu_sparc_get_phys_page(env, &phys_addr, addr, 0, mmu_idx) != 0) {
863 if (cpu_get_physical_page_desc(phys_addr) == IO_MEM_UNASSIGNED) {
projects / qemu.git / blob