# define LOG_SLB(...) do { } while (0)
#endif
-struct mmu_ctx_hash64 {
- hwaddr raddr; /* Real address */
- int prot; /* Protection bits */
- int key; /* Access key */
-};
-
/*
* SLB handling
*/
* 64-bit hash table MMU handling
*/
-static int ppc_hash64_pp_check(int key, int pp, bool nx)
+static int ppc_hash64_pte_prot(CPUPPCState *env,
+ ppc_slb_t *slb, ppc_hash_pte64_t pte)
{
- int access;
+ unsigned pp, key;
+ /* Some pp bit combinations have undefined behaviour, so default
+ * to no access in those cases */
+ int prot = 0;
+
+ key = !!(msr_pr ? (slb->vsid & SLB_VSID_KP)
+ : (slb->vsid & SLB_VSID_KS));
+ pp = (pte.pte1 & HPTE64_R_PP) | ((pte.pte1 & HPTE64_R_PP0) >> 61);
- /* Compute access rights */
- /* When pp is 4, 5 or 7, the result is undefined. Set it to noaccess */
- access = 0;
if (key == 0) {
switch (pp) {
case 0x0:
case 0x1:
case 0x2:
- access |= PAGE_WRITE;
- /* No break here */
+ prot = PAGE_READ | PAGE_WRITE;
+ break;
+
case 0x3:
case 0x6:
- access |= PAGE_READ;
+ prot = PAGE_READ;
break;
}
} else {
switch (pp) {
case 0x0:
case 0x6:
- access = 0;
+ prot = 0;
break;
+
case 0x1:
case 0x3:
- access = PAGE_READ;
+ prot = PAGE_READ;
break;
+
case 0x2:
- access = PAGE_READ | PAGE_WRITE;
+ prot = PAGE_READ | PAGE_WRITE;
break;
}
}
- if (!nx) {
- access |= PAGE_EXEC;
+
+ /* No execute if either noexec or guarded bits set */
+ if (!(pte.pte1 & HPTE64_R_N) || (pte.pte1 & HPTE64_R_G)
+ || (slb->vsid & SLB_VSID_N)) {
+ prot |= PAGE_EXEC;
}
- return access;
+ return prot;
}
-static int ppc_hash64_check_prot(int prot, int rwx)
+static int ppc_hash64_amr_prot(CPUPPCState *env, ppc_hash_pte64_t pte)
{
- int ret;
+ int key, amrbits;
+ int prot = PAGE_EXEC;
- if (rwx == 2) {
- if (prot & PAGE_EXEC) {
- ret = 0;
- } else {
- ret = -2;
- }
- } else if (rwx == 1) {
- if (prot & PAGE_WRITE) {
- ret = 0;
- } else {
- ret = -2;
- }
- } else {
- if (prot & PAGE_READ) {
- ret = 0;
- } else {
- ret = -2;
- }
+
+ /* Only recent MMUs implement Virtual Page Class Key Protection */
+ if (!(env->mmu_model & POWERPC_MMU_AMR)) {
+ return PAGE_READ | PAGE_WRITE | PAGE_EXEC;
}
- return ret;
-}
+ key = HPTE64_R_KEY(pte.pte1);
+ amrbits = (env->spr[SPR_AMR] >> 2*(31 - key)) & 0x3;
-static int pte64_check(struct mmu_ctx_hash64 *ctx, target_ulong pte0,
- target_ulong pte1, int rwx)
-{
- int access, ret, pp;
- bool nx;
+ /* fprintf(stderr, "AMR protection: key=%d AMR=0x%" PRIx64 "\n", key, */
+ /* env->spr[SPR_AMR]); */
- pp = (pte1 & HPTE64_R_PP) | ((pte1 & HPTE64_R_PP0) >> 61);
- /* No execute if either noexec or guarded bits set */
- nx = (pte1 & HPTE64_R_N) || (pte1 & HPTE64_R_G);
- /* Compute access rights */
- access = ppc_hash64_pp_check(ctx->key, pp, nx);
- /* Keep the matching PTE informations */
- ctx->raddr = pte1;
- ctx->prot = access;
- ret = ppc_hash64_check_prot(ctx->prot, rwx);
- if (ret == 0) {
- /* Access granted */
- LOG_MMU("PTE access granted !\n");
- } else {
- /* Access right violation */
- LOG_MMU("PTE access rejected\n");
+ if (amrbits & 0x2) {
+ prot |= PAGE_WRITE;
}
-
- return ret;
-}
-
-static int ppc_hash64_pte_update_flags(struct mmu_ctx_hash64 *ctx,
- uint64_t *pte1p, int ret, int rw)
-{
- int store = 0;
-
- /* Update page flags */
- if (!(*pte1p & HPTE64_R_R)) {
- /* Update accessed flag */
- *pte1p |= HPTE64_R_R;
- store = 1;
- }
- if (!(*pte1p & HPTE64_R_C)) {
- if (rw == 1 && ret == 0) {
- /* Update changed flag */
- *pte1p |= HPTE64_R_C;
- store = 1;
- } else {
- /* Force page fault for first write access */
- ctx->prot &= ~PAGE_WRITE;
- }
+ if (amrbits & 0x1) {
+ prot |= PAGE_READ;
}
- return store;
+ return prot;
}
static hwaddr ppc_hash64_pteg_search(CPUPPCState *env, hwaddr pteg_off,
ppc_hash_pte64_t *pte)
{
hwaddr pteg_off, pte_offset;
- uint64_t vsid, pageaddr, ptem;
hwaddr hash;
- int segment_bits, target_page_bits;
-
- if (slb->vsid & SLB_VSID_B) {
- vsid = (slb->vsid & SLB_VSID_VSID) >> SLB_VSID_SHIFT_1T;
- segment_bits = 40;
- } else {
- vsid = (slb->vsid & SLB_VSID_VSID) >> SLB_VSID_SHIFT;
- segment_bits = 28;
- }
+ uint64_t vsid, epnshift, epnmask, epn, ptem;
- target_page_bits = (slb->vsid & SLB_VSID_L)
+ /* Page size according to the SLB, which we use to generate the
+ * EPN for hash table lookup.. When we implement more recent MMU
+ * extensions this might be different from the actual page size
+ * encoded in the PTE */
+ epnshift = (slb->vsid & SLB_VSID_L)
? TARGET_PAGE_BITS_16M : TARGET_PAGE_BITS;
+ epnmask = ~((1ULL << epnshift) - 1);
- pageaddr = eaddr & ((1ULL << segment_bits)
- - (1ULL << target_page_bits));
if (slb->vsid & SLB_VSID_B) {
- hash = vsid ^ (vsid << 25) ^ (pageaddr >> target_page_bits);
+ /* 1TB segment */
+ vsid = (slb->vsid & SLB_VSID_VSID) >> SLB_VSID_SHIFT_1T;
+ epn = (eaddr & ~SEGMENT_MASK_1T) & epnmask;
+ hash = vsid ^ (vsid << 25) ^ (epn >> epnshift);
} else {
- hash = vsid ^ (pageaddr >> target_page_bits);
+ /* 256M segment */
+ vsid = (slb->vsid & SLB_VSID_VSID) >> SLB_VSID_SHIFT;
+ epn = (eaddr & ~SEGMENT_MASK_256M) & epnmask;
+ hash = vsid ^ (epn >> epnshift);
}
- /* Only 5 bits of the page index are used in the AVPN */
- ptem = (slb->vsid & SLB_VSID_PTEM) |
- ((pageaddr >> 16) & ((1ULL << segment_bits) - 0x80));
+ ptem = (slb->vsid & SLB_VSID_PTEM) | ((epn >> 16) & HPTE64_V_AVPN);
/* Page address translation */
LOG_MMU("htab_base " TARGET_FMT_plx " htab_mask " TARGET_FMT_plx
return pte_offset;
}
-static int ppc_hash64_translate(CPUPPCState *env, struct mmu_ctx_hash64 *ctx,
- target_ulong eaddr, int rwx)
+static hwaddr ppc_hash64_pte_raddr(ppc_slb_t *slb, ppc_hash_pte64_t pte,
+ target_ulong eaddr)
+{
+ hwaddr rpn = pte.pte1 & HPTE64_R_RPN;
+ /* FIXME: Add support for SLLP extended page sizes */
+ int target_page_bits = (slb->vsid & SLB_VSID_L)
+ ? TARGET_PAGE_BITS_16M : TARGET_PAGE_BITS;
+ hwaddr mask = (1ULL << target_page_bits) - 1;
+
+ return (rpn & ~mask) | (eaddr & mask);
+}
+
+int ppc_hash64_handle_mmu_fault(CPUPPCState *env, target_ulong eaddr,
+ int rwx, int mmu_idx)
{
- int ret;
ppc_slb_t *slb;
hwaddr pte_offset;
ppc_hash_pte64_t pte;
- int target_page_bits;
+ int pp_prot, amr_prot, prot;
+ uint64_t new_pte1;
+ const int need_prot[] = {PAGE_READ, PAGE_WRITE, PAGE_EXEC};
+ hwaddr raddr;
+
+ assert((rwx == 0) || (rwx == 1) || (rwx == 2));
/* 1. Handle real mode accesses */
if (((rwx == 2) && (msr_ir == 0)) || ((rwx != 2) && (msr_dr == 0))) {
/* Translation is off */
/* In real mode the top 4 effective address bits are ignored */
- ctx->raddr = eaddr & 0x0FFFFFFFFFFFFFFFULL;
- ctx->prot = PAGE_READ | PAGE_EXEC | PAGE_WRITE;
+ raddr = eaddr & 0x0FFFFFFFFFFFFFFFULL;
+ tlb_set_page(env, eaddr & TARGET_PAGE_MASK, raddr & TARGET_PAGE_MASK,
+ PAGE_READ | PAGE_WRITE | PAGE_EXEC, mmu_idx,
+ TARGET_PAGE_SIZE);
return 0;
}
slb = slb_lookup(env, eaddr);
if (!slb) {
- return -5;
+ if (rwx == 2) {
+ env->exception_index = POWERPC_EXCP_ISEG;
+ env->error_code = 0;
+ } else {
+ env->exception_index = POWERPC_EXCP_DSEG;
+ env->error_code = 0;
+ env->spr[SPR_DAR] = eaddr;
+ }
+ return 1;
}
/* 3. Check for segment level no-execute violation */
if ((rwx == 2) && (slb->vsid & SLB_VSID_N)) {
- return -3;
+ env->exception_index = POWERPC_EXCP_ISI;
+ env->error_code = 0x10000000;
+ return 1;
}
/* 4. Locate the PTE in the hash table */
pte_offset = ppc_hash64_htab_lookup(env, slb, eaddr, &pte);
if (pte_offset == -1) {
- return -1;
+ if (rwx == 2) {
+ env->exception_index = POWERPC_EXCP_ISI;
+ env->error_code = 0x40000000;
+ } else {
+ env->exception_index = POWERPC_EXCP_DSI;
+ env->error_code = 0;
+ env->spr[SPR_DAR] = eaddr;
+ if (rwx == 1) {
+ env->spr[SPR_DSISR] = 0x42000000;
+ } else {
+ env->spr[SPR_DSISR] = 0x40000000;
+ }
+ }
+ return 1;
}
LOG_MMU("found PTE at offset %08" HWADDR_PRIx "\n", pte_offset);
/* 5. Check access permissions */
- ctx->key = !!(msr_pr ? (slb->vsid & SLB_VSID_KP)
- : (slb->vsid & SLB_VSID_KS));
- ret = pte64_check(ctx, pte.pte0, pte.pte1, rwx);
- /* Update page flags */
- if (ppc_hash64_pte_update_flags(ctx, &pte.pte1, ret, rwx) == 1) {
- ppc_hash64_store_hpte1(env, pte_offset, pte.pte1);
+ pp_prot = ppc_hash64_pte_prot(env, slb, pte);
+ amr_prot = ppc_hash64_amr_prot(env, pte);
+ prot = pp_prot & amr_prot;
+
+ if ((need_prot[rwx] & ~prot) != 0) {
+ /* Access right violation */
+ LOG_MMU("PTE access rejected\n");
+ if (rwx == 2) {
+ env->exception_index = POWERPC_EXCP_ISI;
+ env->error_code = 0x08000000;
+ } else {
+ target_ulong dsisr = 0;
+
+ env->exception_index = POWERPC_EXCP_DSI;
+ env->error_code = 0;
+ env->spr[SPR_DAR] = eaddr;
+ if (need_prot[rwx] & ~pp_prot) {
+ dsisr |= 0x08000000;
+ }
+ if (rwx == 1) {
+ dsisr |= 0x02000000;
+ }
+ if (need_prot[rwx] & ~amr_prot) {
+ dsisr |= 0x00200000;
+ }
+ env->spr[SPR_DSISR] = dsisr;
+ }
+ return 1;
}
- /* We have a TLB that saves 4K pages, so let's
- * split a huge page to 4k chunks */
- target_page_bits = (slb->vsid & SLB_VSID_L)
- ? TARGET_PAGE_BITS_16M : TARGET_PAGE_BITS;
- if (target_page_bits != TARGET_PAGE_BITS) {
- ctx->raddr |= (eaddr & ((1 << target_page_bits) - 1))
- & TARGET_PAGE_MASK;
+ LOG_MMU("PTE access granted !\n");
+
+ /* 6. Update PTE referenced and changed bits if necessary */
+
+ new_pte1 = pte.pte1 | HPTE64_R_R; /* set referenced bit */
+ if (rwx == 1) {
+ new_pte1 |= HPTE64_R_C; /* set changed (dirty) bit */
+ } else {
+ /* Treat the page as read-only for now, so that a later write
+ * will pass through this function again to set the C bit */
+ prot &= ~PAGE_WRITE;
+ }
+
+ if (new_pte1 != pte.pte1) {
+ ppc_hash64_store_hpte1(env, pte_offset, new_pte1);
}
- return ret;
+
+ /* 7. Determine the real address from the PTE */
+
+ raddr = ppc_hash64_pte_raddr(slb, pte, eaddr);
+
+ tlb_set_page(env, eaddr & TARGET_PAGE_MASK, raddr & TARGET_PAGE_MASK,
+ prot, mmu_idx, TARGET_PAGE_SIZE);
+
+ return 0;
}
hwaddr ppc_hash64_get_phys_page_debug(CPUPPCState *env, target_ulong addr)
{
- struct mmu_ctx_hash64 ctx;
+ ppc_slb_t *slb;
+ hwaddr pte_offset;
+ ppc_hash_pte64_t pte;
- if (unlikely(ppc_hash64_translate(env, &ctx, addr, 0) != 0)) {
- return -1;
+ if (msr_dr == 0) {
+ /* In real mode the top 4 effective address bits are ignored */
+ return addr & 0x0FFFFFFFFFFFFFFFULL;
}
- return ctx.raddr & TARGET_PAGE_MASK;
-}
+ slb = slb_lookup(env, addr);
+ if (!slb) {
+ return -1;
+ }
-int ppc_hash64_handle_mmu_fault(CPUPPCState *env, target_ulong address, int rwx,
- int mmu_idx)
-{
- struct mmu_ctx_hash64 ctx;
- int ret = 0;
-
- ret = ppc_hash64_translate(env, &ctx, address, rwx);
- if (ret == 0) {
- tlb_set_page(env, address & TARGET_PAGE_MASK,
- ctx.raddr & TARGET_PAGE_MASK, ctx.prot,
- mmu_idx, TARGET_PAGE_SIZE);
- ret = 0;
- } else if (ret < 0) {
- LOG_MMU_STATE(env);
- if (rwx == 2) {
- switch (ret) {
- case -1:
- env->exception_index = POWERPC_EXCP_ISI;
- env->error_code = 0x40000000;
- break;
- case -2:
- /* Access rights violation */
- env->exception_index = POWERPC_EXCP_ISI;
- env->error_code = 0x08000000;
- break;
- case -3:
- /* No execute protection violation */
- env->exception_index = POWERPC_EXCP_ISI;
- env->error_code = 0x10000000;
- break;
- case -5:
- /* No match in segment table */
- env->exception_index = POWERPC_EXCP_ISEG;
- env->error_code = 0;
- break;
- }
- } else {
- switch (ret) {
- case -1:
- /* No matches in page tables or TLB */
- env->exception_index = POWERPC_EXCP_DSI;
- env->error_code = 0;
- env->spr[SPR_DAR] = address;
- if (rwx == 1) {
- env->spr[SPR_DSISR] = 0x42000000;
- } else {
- env->spr[SPR_DSISR] = 0x40000000;
- }
- break;
- case -2:
- /* Access rights violation */
- env->exception_index = POWERPC_EXCP_DSI;
- env->error_code = 0;
- env->spr[SPR_DAR] = address;
- if (rwx == 1) {
- env->spr[SPR_DSISR] = 0x0A000000;
- } else {
- env->spr[SPR_DSISR] = 0x08000000;
- }
- break;
- case -5:
- /* No match in segment table */
- env->exception_index = POWERPC_EXCP_DSEG;
- env->error_code = 0;
- env->spr[SPR_DAR] = address;
- break;
- }
- }
-#if 0
- printf("%s: set exception to %d %02x\n", __func__,
- env->exception, env->error_code);
-#endif
- ret = 1;
+ pte_offset = ppc_hash64_htab_lookup(env, slb, addr, &pte);
+ if (pte_offset == -1) {
+ return -1;
}
- return ret;
+ return ppc_hash64_pte_raddr(slb, pte, addr) & TARGET_PAGE_MASK;
}
projects / qemu.git / blobdiff